On Sat, 2020-09-19 at 11:30 +, John Mattsson wrote:
> Hi,
>
> Recent discussions in 3GPP, ACE, and LAKE about the use of symmetric
> keys for authentication and key exchange made me think about the
> future role of external PSK in TLS.
>
> https://mailarchive.ietf.org/arch/msg/ace/A60CFIvUohB
SHA with PskKeyExchangeMode set to
'psk_ke'?
This seems redundant to me at first glance (unless some combinations
really do mean that you end up doing DHE *twice*) and could probably do
with some clarification.
Or is the intent that when requesting offering both DHE and non-DHE
cipher suite
On Mon, 2016-09-19 at 04:41 -0700, Eric Rescorla wrote:
> > Do we care that the '0x00 0x12' bytes on my third line above are
> > entirely redundant on the wire? Or have I interpreted it wrong?
>
> Not enough to fix it, this is just the way TLS rolls.
An interesting contrast to Nikos's observation
On Mon, 2016-09-19 at 05:46 -0700, Eric Rescorla wrote:
>
> > And then the client only needs to supply one copy of it for the
> > identity which the server actually selected, not one for *each*
> > identity which was being offered by the client.
>
> We're most likely going to allow only on PSK an
On Mon, 2016-09-19 at 07:55 -0700, Eric Rescorla wrote:
> > What if my client authenticates with an actual pre-shared key, and I
> > also want to resume a session? As it stands, that means I really do
> > need to offer two PSK identities — one for the real identity, and one
> > for the session resu
On Mon, 2016-09-19 at 09:53 -0700, Eric Rescorla wrote:
> > Perhaps I should turn your question round, and ask: if PSK is a first-
> > class citizen as a key exchange and authentication method, why *should*
> > we be forbidden from resuming sessions which started that way...
>
> Well, I'm not say
On Wed, 2016-09-21 at 17:46 +, Raja ashok wrote:
> [ashok] : PSK Identity extension specified in our extension differs
> from the extension specified in TLS1.3.
Agreed. I suspect it just makes sense to add a sentence to that effect,
to the draft?
> [ashok] : I feel sending the selected ID i
On Wed, 2016-09-21 at 23:00 +0300, Ilari Liusvaara wrote:
> On Wed, Sep 21, 2016 at 08:16:15PM +0100, David Woodhouse wrote:
> >
> > On Wed, 2016-09-21 at 17:46 +, Raja ashok wrote:
> >
> > >
> > > [ashok] : I feel sending the selected ID is better
On Wed, 2016-09-21 at 13:36 -0700, Eric Rescorla wrote:
> >
> I don't see how this is appreciably easier than just having the
> client offer one and then the server HRR.
If I have ten PSK identities I can offer, it may take nine round-trips
before I send the one you want.
If I list them all in m
On Wed, 2016-09-21 at 13:49 -0700, Eric Rescorla wrote:
>
> Is there a real-world use-case where this is relevant?
The number ten might be a little excessive. But there is talk of
multiple sessions being simultaneously for resumption, and multiple PSK
identities in the original meaning of that te
On Fri, 2016-11-18 at 13:19 -0800, Vlad Krasnov wrote:
> > Well, for example, your website has twice as many mentions of SSL
> > as TLS. Why? Why don't you have a product called "Universal TLS"?
> > The ratio is the same for letsencrypto.org. TLS 1.0 had already
> > existed for more then a decade
On Mon, 2016-11-21 at 19:34 +, Salz, Rich wrote:
> Do "about:config" in firefox and look for TLS:
> security.tls.version.max default integer 3
>
> And then perhaps look at http://kb.mozillazine.org/Security.tls.version.*
> (yes the star is part of the URL)
>
> EVEN MOZILLA can't
On Fri, 2017-05-26 at 10:46 +0530, Sankalp Bagaria wrote:
> Hello,
>
> http://securityaffairs.co/wordpress/59238/cyber-crime/https-phishing-sites.html
> claims
> that phishing websites using HTTPS are increasing in number. If malicious
> sites can
> get certificates, it defeats the purpose of TL
13 matches
Mail list logo
