On Thu, Dec 31, 2015 at 08:16:35PM +0000, Blumenthal, Uri - 0553 - MITLL wrote:
> I think Watson made a good point about "omittable checks". If an
> implementation A "omits" this mechanism, it should fail session
> establishment.

Well, here is one scheme that I can't break myself and has no checks
one can just "omit":

PMS = SHA-512(A|B|DHF(a,B)) = SHA-512(A|B|DHF(b,A))

Where a and b are the private keys and A and B are the public keys
and DHF is X25519 or X448.

-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls