On Tue, Dec 29, 2015 at 09:05:17AM -1000, Brian Smith wrote:
> On Tue, Dec 22, 2015 at 2:09 PM, Brian Smith <br...@briansmith.org> wrote:
>
> > If an implementation only implements ECDHE cipher suites then
> > implementing the session hash extension is not necessary, according to RFC
> > 7627. I believe there are also a few other factors that would cause implementing
> > the session hash extension to be unnecessary.
> >
> > If checking that the shared value isn't zero is sufficient, and/or
> > blacklisting the public values that DJB mentions in [1] is sufficient,
> > either would be better than mandating the implementation of the session
> > hash extension just for this purpose.
>
> Actually, the check for a result of zero is already required in the current
> CFRG draft; see [1]. So, I think that the easiest way to fix the TLS draft
> is to just delete the misleading text.

The RFC4492bis draft already specifies that the peer must abort on zero output.

-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls