Filippo Valsorda
Timing out as unreproducible. Please open a new issue if this is observed again.
Since we are preparing v2.0.0 of the Go Cryptographic Module, I had a look at whether we need to add anything for the benefit of QUIC implementations. Three general points:...
> I assume we can apply the same reasoning to the resumption token (section 8.1.1 of RFC 9000), which is used by the server to offload state (e.g. the RTT...
Ah! Any reason not to use cipher.NewGCMWithRandomNonce for that? Or, if you might need to encrypt more than 2^32 tokens under the same key, either XAES-256-GCM or AES-CTR+HMAC-SHA-256. Both would...
We also [got permission](https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/6U34L4ISYzk/m/cKPabJ5BAQAJ) to import the tests from https://github.com/smuellerDD/leancrypto/tree/master/ml-dsa/tests and described at https://leancrypto.org/leancrypto/debugging_support/index.html#generation-of-ml-dsa-signature-generation-rejection-test-vectors. Moreover, we should add a couple tests for randomized signatures. It's a simple scheme, but good...
We can import the ct0 tests from ACVP (see https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/6U34L4ISYzk/m/hel75x07AQAJ).
> Note that changing this might invalidate checksums based on the full content of zip files for files created before this change.
>
> Go modules containing files greater than...
We support a subset of all possible TLS extensions to limit complexity. certificate_authorities in Client Hello is rarely used and has size issues when supporting more than a handful of...
I'm pretty excited about this, so far we don't have a good story for how the author-to-sumdb link is secured, but it's a very small gap to fill thanks to...
> This dovetails with the question of exactly when someone/something would run this verification command. The most common flow would be simply
>
> ```
> $ git tag v1.2.3
> $ git push...
> ```