On 24 May 2016 at 08:20, Dang, Quynh (Fed) <quynh.d...@nist.gov> wrote:
> 1. For this text: "plus the length of the output of the signing algorithm.
> " in the last paragraph of Section 4.8.1, did you mean "plus the output of
> the signing algorithm." ?

The text is correct. It is talking about the length of the structure, not its contents.

> 2. "The length (in bytes) of the following TLSCiphertext.fragment. The
> length MUST NOT exceed 2^14 + 256. An endpoint that receives a record that
> exceeds this length MUST generate a fatal "record_overflow" alert. " . There
> could be a cipher that generates ciphertext longer than plaintext in some
> cases plus the tag. If the tag was 256 bits, then this requirement would
> disallow that cipher unnecessarily when a record size is 2^14.

The value 256 is octets, not bits. If you are aware of a need for an authentication tag longer than 256 octets, now would be a great time to tell all of us.

> 3. "The padded sequence number is XORed with the static client_write_iv or
> server_write_iv, depending on the role." I think the ivs are not needed.

We discussed this at quite some length. I originally took your position, but the IVs add an extra layer of safety at very little cost.
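
Added illustration, not part of the message above or of the draft: a Python sketch of the two record-layer rules discussed in points 2 and 3, the 2^14 + 256 octet limit on TLSCiphertext.fragment and the per-record nonce. The function names and the two IVs are constructed for the example; the 64-bit, big-endian, left-padded sequence number encoding follows the TLS 1.3 record layer text.

```python
import struct

MAX_FRAGMENT = 2**14 + 256  # octets: the TLSCiphertext.fragment limit quoted in point 2


class RecordOverflow(Exception):
    """Stands in for the fatal "record_overflow" alert."""


def check_fragment_length(length: int) -> int:
    """Receiver-side check: reject any record whose fragment exceeds the limit."""
    if length > MAX_FRAGMENT:
        raise RecordOverflow(f"fragment of {length} octets exceeds {MAX_FRAGMENT}")
    return length


def full_record_fits(expansion_bits: int) -> bool:
    """Does a 2^14-octet plaintext plus `expansion_bits` of AEAD expansion fit?"""
    try:
        check_fragment_length(2**14 + expansion_bits // 8)
        return True
    except RecordOverflow:
        return False


def per_record_nonce(write_iv: bytes, seq: int) -> bytes:
    """Point 3: the padded sequence number XORed with the static write IV."""
    # 64-bit sequence number, network byte order, left-padded with zeros to the IV length.
    padded = struct.pack(">Q", seq).rjust(len(write_iv), b"\x00")
    return bytes(p ^ i for p, i in zip(padded, write_iv))


# Constructed 12-octet IVs for two hypothetical connections (not real key material).
IV_A = bytes.fromhex("000102030405060708090a0b")
IV_B = bytes.fromhex("a0a1a2a3a4a5a6a7a8a9aaab")

if __name__ == "__main__":
    print(full_record_fits(256))      # a 256-bit tag is 32 octets of expansion
    print(full_record_fits(256 * 8))  # 256 octets, the allowance actually in the text
    print(full_record_fits(257 * 8))  # one octet past the allowance
    # Same sequence number, different connections: the static IV separates the nonces.
    print(per_record_nonce(IV_A, 1).hex(), per_record_nonce(IV_B, 1).hex())
```

The first check is the case raised in point 2: a 256-bit tag expands a full record by 32 octets, well inside the 256-octet allowance.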