On Tue, May 2, 2017 at 2:29 PM, Nico Williams <n...@cryptonector.com> wrote:
> On Tue, May 02, 2017 at 04:52:17PM -0400, Daniel Kahn Gillmor wrote:
> > On Tue 2017-05-02 14:57:54 -0500, Nico Williams wrote:
> > > Well, I did say that to me there's not much difference to _me_ between
> > > "connections reusing the same ticket can be correlated to each other"
> > > and "connections reusing the same ticket can be correlated to each other
> > > and the connection whence the ticket". Others might disagree,
> >
> > I disagree, Nico! :)
>
> Excellent. So now consider what followed the above. That is, that the
> correct thing to do is to properly encrypt a timestamp rather than XOR
> an OTP that then gets reused when the ticket gets reused.

It's not XOR. It's addition mod 2^32. That's important because the
*difference* between the ticket replay times is directly observable
anyway.

-Ekr

> Why on Earth are still doing improper crypto in TLS?!‽ In TLS 1.3 no
> less! Call it "janky", call it what you will. It's broken. Please
> fix.
>
> Nico
> --
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
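An added illustration of the point argued in the reply above, not code from the thread or from any TLS implementation: when one ticket is reused, additive masking mod 2^32 exposes only the difference between the two ticket ages, which equals the elapsed time an on-path observer already measures, while a hypothetical XOR mask would expose `age_a XOR age_b` and so rule out some absolute ages. All function names and sample values are constructed for this example.

```python
MOD = 2 ** 32  # ticket ages treated as 32-bit millisecond counters


def obfuscate_add(age_ms, age_add):
    """Additive masking mod 2^32, as stated in the reply above."""
    return (age_ms + age_add) % MOD


def obfuscate_xor(age_ms, mask):
    """Hypothetical XOR masking, included only for contrast."""
    return age_ms ^ mask


def consistent_first_ages(scheme, obf_a, obf_b, elapsed_ms, candidates):
    """First-use ticket ages an observer cannot rule out.

    The observer holds two masked ages from one reused ticket plus the
    elapsed time between the two connections (visible from packet timing).
    """
    if scheme == "add":
        leak = (obf_b - obf_a) % MOD      # mask cancels: age_b - age_a
        return [a for a in candidates
                if ((a + elapsed_ms) % MOD - a) % MOD == leak]
    leak = obf_a ^ obf_b                  # mask cancels: age_a XOR age_b
    return [a for a in candidates
            if a ^ ((a + elapsed_ms) % MOD) == leak]


def demo():
    # Constructed sample values, not taken from the thread.
    secret = 0xFFFFFF00                   # per-ticket mask; forces wraparound
    age_a, elapsed = 5_000, 60_000        # milliseconds
    age_b = age_a + elapsed
    candidates = range(100_000)
    add_set = consistent_first_ages(
        "add", obfuscate_add(age_a, secret), obfuscate_add(age_b, secret),
        elapsed, candidates)
    xor_set = consistent_first_ages(
        "xor", obfuscate_xor(age_a, secret), obfuscate_xor(age_b, secret),
        elapsed, candidates)
    return len(add_set), xor_set


if __name__ == "__main__":
    n_add, xor_set = demo()
    print("additive: candidate ages still possible:", n_add)
    print("xor:      candidate ages still possible:", len(xor_set))
```

With the additive mask every candidate age remains possible, so the observer learns nothing beyond the elapsed time; with the XOR variant the candidate list shrinks.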