Since I've referred to TLS-LTS a couple of times now I should mention that I've just posted an update, with the following changes:
- Clarified what happens during a session resumption. - Fixed the ServerKeyExchange text to indicate what happens when the hash isn't the default SHA-256. Is the resulting text comprehensible? That is, does it make clear what's signed, and with what hash? - Added an alternative, quicker way to verify domain parameters that doesn't require the full FIPS 186 checks. - Reworked the text about the handling of extensions yet again. I'm still not happy with this, or certain that it's sufficiently unambiguous, can people see if they can pick holes in it? - Reworked the rationale. Peter. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
