[TLS] What is "completed handshake"?

2022-08-08 Thread Dmitry Belyavsky
Dear colleagues, RFC 8446 refers to "completed handshake" as a prerequisite for some messages. But looking for the word "completed", I don't see any definition. Could you please point me to it (and probably, include this definition into rfc8446-bis)? Many thanks! -- SY, Dmitry Belyavsky

Re: [TLS] What is "completed handshake"?

2022-08-08 Thread Töma Gavrichenkov
Peace,

On Mon, Aug 8, 2022 at 4:19 PM Dmitry Belyavsky wrote:
> RFC 8446 refers to "completed handshake" as a prerequisite for some messages.
> But looking for the word "completed", I don't see any definition.

Section "2. Protocol Overview", page 13 says: "Upon receiving the server's messages,

[TLS] Servers respond with BadRecordMac after ClientFinished, sent when PSK+EarlyData

2022-08-08 Thread Kristijan Sedlak
Hello everyone. I decided to get involved here since I hit a dead end when resolving an Alert(20) error that I get from almost all servers when using PSK with EarlyData. Here's the initial issue I opened https://github.com/thekuwayama/tttls1.3/issues/48. It relates to a specific implementati

[TLS] Getting started, clock not set yet

2022-08-08 Thread Hal Murray
I work on NTP software. NTS (Network Time Security) uses TLS. Many security schemes get tangled up with time. TLS has time limits on certificates. That presents a chicken-egg problem for NTP when getting started. I'm looking for ideas, data, references, whatever? Is there other work in this

Re: [TLS] Getting started, clock not set yet

2022-08-08 Thread Peter Gutmann
Hal Murray writes:
>Many security schemes get tangled up with time. TLS has time limits on
>certificates. That presents a chicken-egg problem for NTP when getting
>started.
>
>I'm looking for ideas, data, references, whatever?

For commercial CAs, the expiry time is a billing mechanism, not a s

Re: [TLS] What is "completed handshake"?

2022-08-08 Thread Ben Smyth
On Mon, Aug 8, 2022 at 4:19 PM Dmitry Belyavsky wrote:
> RFC 8446 refers to "completed handshake" as a prerequisite for some messages. But looking for the word "completed", I don't see any definition.

On Mon, 8 Aug 2022 at 15:21, Töma Gavrichenkov wrote:
> "Upon receiving the server's messages, th

Re: [TLS] What is "completed handshake"?

2022-08-08 Thread Martin Thomson
On Tue, Aug 9, 2022, at 16:36, Ben Smyth wrote:
> On Mon, 8 Aug 2022 at 15:21, Töma Gavrichenkov wrote:
>> "Upon receiving the server's messages, the client responds with its
>> Authentication messages, namely Certificate and CertificateVerify (if
>> requested), and Finished. At this point, the h

Re: [TLS] Servers respond with BadRecordMac after ClientFinished, sent when PSK+EarlyData

2022-08-08 Thread Ilari Liusvaara
On Mon, Aug 08, 2022 at 08:15:41PM +0200, Kristijan Sedlak wrote:
> Hello everyone.
>
> I decided to get involved here since I hit a dead end when resolving
> an Alert(20) error that I get from almost all servers when using PSK
> with EarlyData.
>
> Here's the initial issue I opened
> https://g