[prev in list] [next in list] [prev in thread] [next in thread]
List: ietf-tls
Subject: Re: [TLS] Integrity bounds in DTLS
From: Thomas Fossati <Thomas.Fossati () arm ! com>
Date: 2020-05-19 10:50:41
Message-ID: B3ADE8B6-3B5B-4113-90A1-630535DA2A5F () arm ! com
[Download RAW message or body]
On 18/05/2020, 01:47, "Martin Thomson" <mt@lowentropy.net> wrote:
> The question is whether it is clear that these limits apply to the use
> of AEADs in TLS more generally. I think that is clear enough, but I
> doubt that people will pay any mind unless they are implementing TLS
> 1.3.
Yes, that's exactly my original point. I'd like to maximise the chance
that the message doesn't get ignored: we have 1.2 deployments around
that are not likely to be forklifted to 1.3 soon and will have to
make them aware of the risk nonetheless.
> The problem with TLS 1.2 is that there is no option for key updates,
> unless you count renegotiation, which is often disabled. When I added
> limits to NSS, all I could reliably do was make the connection
> terminate if the limit was hit (which is why the limits used are
> larger than advised in the spec).
Sure, protocol version as well as stack specific reactions will differ.
I guess my question is whether, to maximise coverage/visibility, it
makes sense to state the general problem together with version specific
behaviours in a separate doc?
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and \
may also be privileged. If you are not the intended recipient, please notify the \
sender immediately and do not disclose the contents to any other person, use it for \
any purpose, or store or copy the information in any medium. Thank you. \
_______________________________________________ TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic