Re: [TLS] draft-ietf-tls-curve25519-01: Is public key validation necessary or helpful?

2015-12-30 Thread Alyssa Rowan
On 2015-12-31 03:30, Adam Langley wrote:
> I don't mind if the integration of curve25519 in TLS requires a
> zero-check or not, but what property are people hoping to gain? If
> one wants to avoid triple-handshake like issues then session-hash
> is

Re: [TLS] RSA-PSS in TLS 1.3

2016-03-01 Thread Alyssa Rowan
On 2016-03-01 11:35, Yoav Nir wrote:
>>> [HB] We have an RFC for PSS since 2003. We had several attacks
>>> showing the weakness of PKCS #1 1.5.

And so (maybe not entirely coincidentally!): another attack, dubbed DROWN, just emerged¹, using SSLv2