Hi Dmitry,

On 12/1/15 9:49 PM, Dmitry Belyavsky wrote:
> Dear Bryan, 
> 
> On Tue, Dec 1, 2015 at 7:22 PM, Bryan A Ford <brynosau...@gmail.com
> <mailto:brynosau...@gmail.com>> wrote:
> 
>     DTLS:
> 
>     Now there's still the important question of whether this (new) proposal
>     could be made to work in the context of DTLS.  For the DTLS case, my
>     current thinking is that some elements of my earlier proposal are
>     probably more suitable: namely using a stream cipher (or AEAD used as a
>     stream cipher) to encrypt and recognize the explicitly-transmitted
>     sequence numbers that DTLS needs.  This could operate basically the same
>     as I described in my earlier E-mail on this topic.  Note that the length
>     field is no longer a problem in DTLS as it is in TLS, because the
>     receiver already gets the length of the datagram from UDP.
> 
> 
> Do I understand correctly that your proposal makes it difficult to derive
> the key from the original value depending on the sequence number?

I'm not sure I understand your question; can you clarify?  What is the
"original value" you are worried about the key being derivable from?
Certainly if the cipher (stream cipher or AEAD) is working correctly, it
should make it cryptographically infeasible for an attacker to derive
the shared secret key from anything the protocol transmits.

Bryan

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls