David Benjamin
Right, this is the question of whether the X.509 signature algorithms advertisement in TLS is a hint or something binding. I would argue that, given the separation between TLS and...
They are relevant if you apply the signature list as a check over the certificates which are actually sent, which is what some TLS implementations do and have caused problems...
I realized my comment from yesterday may be confusing for folks not familiar with the TLS handshake. There are two sets of signatures in TLS. The certificates carry signatures, produced...
Re TLS 1.0+ vs SSL 3.0, that's just an encoding quirk. In SSL 3.0, affirmatively sending no certificate was denoted by omitting the Certificate message and sending a no_certificate warning...
@fippo Er, are you proposing that we add an API to not only report the selected group but also control the parameters? That's a much, much larger ask and not...
Chrome's policy is a temporary compatibility measure and not limited to opt-in. We've had it on by default in HTTPS for some time now. That's our usual process; on by...
> That works for changes without a regression in a metric folks care about. Given that PQC makes the client hello go from one to two packets I'd expect reliability...
Ah yeah, polynomial MACs are nice and fast, but they're much less tolerant of truncation than HMAC. :-/
> @meteorcloudy Is this change safe to merge or does it need disambiguation so that it doesn't apply internally? FWIW, from the perspective of someone working on a project that...
@fwh-dc and OpenSSL folks: have you all been following the TLS working group discussions at IETF around DTLS? We've been finding a lot of problems and ambiguities in RFC 9147...