On Mon, Oct 19, 2015 at 11:13 AM, Martin Thomson <martin.thom...@gmail.com> wrote:
> On 19 October 2015 at 11:12, Eric Rescorla <e...@rtfm.com> wrote:
> >
> > On Mon, Oct 19, 2015 at 11:06 AM, Martin Thomson <martin.thom...@gmail.com>
> > wrote:
> >>
> >> On 19 October 2015 at 09:28, Eric Rescorla <e...@rtfm.com> wrote:
> >> > 1. Don't MAC the version at all.
> >> > 2. MAC the negotiated version (which should be clear at
> >> > this point).
> >>
> >> 3. Nothing
> >>
> >> The version is implicit in the key derivation (yeah, there are lots of
> >> rounds of HMAC between, but it's there).
> >>
> >> The sequence number is fed into the nonce.
> >
> > How is this different from #1?
>
> #1 implies the sequence number is covered by the MAC.

Yeah, I think that's riding the nonce far too hard.

-Ekr
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
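Added example, not part of the original thread or of any TLS draft: a Go sketch of option 3, where the AEAD gets no additional data and a record still fails to authenticate when the receiver's sequence number or the negotiated version differs from the sender's. The function names, the HMAC stand-in for the key schedule, the XOR nonce construction, AES-128-GCM, and the secret and version values are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// deriveKey is a hypothetical stand-in for the key schedule: the version feeds an HMAC.
func deriveKey(secret []byte, version uint16) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte{byte(version >> 8), byte(version)})
	return m.Sum(nil)[:16]
}

// nonceFor XORs the sequence number into the last 8 bytes of a static IV (assumed).
func nonceFor(iv []byte, seq uint64) []byte {
	n := append([]byte(nil), iv...)
	tail := n[len(n)-8:]
	binary.BigEndian.PutUint64(tail, binary.BigEndian.Uint64(tail)^seq)
	return n
}

func aead(key []byte) cipher.AEAD {
	b, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	a, _ := cipher.NewGCM(b) // cannot fail for a 128-bit block cipher
	return a
}

// seal and opens pass nil additional data: nothing is MACed explicitly.
func seal(key, iv []byte, seq uint64, pt []byte) []byte {
	return aead(key).Seal(nil, nonceFor(iv, seq), pt, nil)
}
func opens(key, iv []byte, seq uint64, ct []byte) bool {
	_, err := aead(key).Open(nil, nonceFor(iv, seq), ct, nil)
	return err == nil
}

func main() {
	secret, iv := []byte("constructed demo secret"), make([]byte, 12) // constructed inputs
	k, other := deriveKey(secret, 0x0304), deriveKey(secret, 0x0303)  // constructed versions
	ct := seal(k, iv, 7, []byte("record"))
	fmt.Println(opens(k, iv, 7, ct), opens(k, iv, 8, ct), opens(other, iv, 7, ct))
}
```

Here the binding of both values rests entirely on the nonce and the key rather than on explicitly authenticated data, which is the trade-off the thread is arguing about.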