On 2016-11-21, 06:31, "TLS on behalf of Yaron Sheffer" <tls-boun...@ietf.org on behalf of yaronf.i...@gmail.com> wrote:

> So the key schedule changed and therefore we think cross-version attacks
> are impossible. Have we also analyzed other protocols to ensure that
> cross-protocol attacks, e.g. with SSH or IPsec, are out of the question?
>
> Put differently, algorithm designers gave us a cheap, easy to use tool
> to avoid a class of potential attacks. Why are we insisting on not using
> it?

Unless someone points out any major disadvantages with using a context, I agree with Yaron.

> Thanks,
>     Yaron
>
> On 20/11/16 17:33, Salz, Rich wrote:
>>> For those who missed CURDLE, could you please briefly explain why we
>>> don't need signature context in non-TLS areas.
>>
>> The one place we were concerned about attacks was in pre-hash
>> signatures, and we made those a MUST NOT. And yes, you're right, it's
>> not relevant to TLS.
>>
>>> So why are we now saying that contexts are not needed even for TLS?
>>
>> I think because the key schedule changed.
>>
>> --
>> Senior Architect, Akamai Technologies
>> Member, OpenSSL Dev Team
>> IM: richs...@jabber.at Twitter: RichSalz
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
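An added illustration, not part of this thread, of the domain separation the discussion is about: TLS 1.3 already prefixes the content signed in CertificateVerify with a fixed context string (RFC 8446, section 4.4.3), so a handshake signature cannot be reinterpreted under a different context or as a bare signature over the transcript hash. Ed25519 from the `cryptography` package is assumed here as a stand-in for whatever scheme the certificate key uses, and the transcript hash is a constructed value.

```python
# Added example (not from the thread): TLS 1.3 CertificateVerify signed content
# per RFC 8446 section 4.4.3, and a check that the context actually binds the
# signature. Ed25519 via `cryptography` is an assumption for illustration.
import hashlib
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey)

SERVER_CTX = b"TLS 1.3, server CertificateVerify"
CLIENT_CTX = b"TLS 1.3, client CertificateVerify"


def certificate_verify_content(context: bytes, transcript_hash: bytes) -> bytes:
    """Octet string TLS 1.3 signs: 64 spaces (0x20), the context string,
    a single zero byte, then Hash(Handshake Context)."""
    return b"\x20" * 64 + context + b"\x00" + transcript_hash


def sign_certificate_verify(key: Ed25519PrivateKey, context: bytes,
                            transcript_hash: bytes) -> bytes:
    return key.sign(certificate_verify_content(context, transcript_hash))


def verify_certificate_verify(pub: Ed25519PublicKey, context: bytes,
                              transcript_hash: bytes, sig: bytes) -> bool:
    try:
        pub.verify(sig, certificate_verify_content(context, transcript_hash))
        return True
    except InvalidSignature:
        return False


def demo():
    """Sign under the server context, then try to reuse the signature under
    the client context and as a raw signature over the transcript hash."""
    key = Ed25519PrivateKey.generate()
    pub = key.public_key()
    # Constructed stand-in for Hash(Handshake Context); not a real transcript.
    th = hashlib.sha256(b"constructed handshake transcript").digest()
    sig = sign_certificate_verify(key, SERVER_CTX, th)
    ok_server = verify_certificate_verify(pub, SERVER_CTX, th, sig)
    ok_client = verify_certificate_verify(pub, CLIENT_CTX, th, sig)
    try:
        pub.verify(sig, th)
        ok_raw = True
    except InvalidSignature:
        ok_raw = False
    return ok_server, ok_client, ok_raw
```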