Hi folks,

There's one late breaking issue we need to resolve for DTLS 1.3 before it
proceeds to publication:
https://github.com/tlswg/dtls13-spec/issues/249

Based on discussions with some people involved in the security analysis of TLS
1.3, a proposed fix is here:
https://github.com/tls

I left a comment, but I don't think that the fix, as it is specifically
proposed, works.

The general shape of the proposal seems credible. A larger epoch space, of
which we only send the least-significant bits, would seem to address the
concern. But the proposal doesn't specify what to do wit

On Tue, Oct 5, 2021 at 6:36 PM Martin Thomson wrote:
> I left a comment, but I don't think that the fix, as it is specifically
> proposed, works.
>
> The general shape of the proposal seems credible. A larger epoch space,
> of which we only send the least-significant bits, would seem to address

Joseph Salowey has requested publication of draft-ietf-tls-subcerts-11 as
Proposed Standard on behalf of the TLS working group.

Please verify the document's state at
https://datatracker.ietf.org/doc/draft-ietf-tls-subcerts/
___
TLS mailing list
TLS@i

On Wed, Oct 6, 2021, at 12:58, Eric Rescorla wrote:
> This isn't dispositive, but note that TLS 1.3 doesn't include the epoch
> in its nonce at all.

That strengthens the gut instinct some, as does the fact that QUIC doesn't
either. But neither of those protocols is exactly the same as DTLS. D