kaduk

Alternative to #17701

I'll also note that I only looked at places that #17701 was already touching, and did not do an independent survey of other `time(3)` usage

Oops, commented on the "wrong" PR, will go over to #17701

CMS is something of a general-purpose content format these days, getting used not just for S/MIME email protection and code signing, but also used as parts of bootstrapping autonomic network...

> I'm very disappointed with the SPAKE spec. I wanted an augmented PAKE so we can have the HDB store only a verifier. The CFRG one, the kitten one, or...

@jaltman I think the request also included the automated refresh of the TGT prior to expiration, what MIT uses the "refresh_time" ccconfig entry for. I didn't see any similar ccconfig...

> Could you please raise an issue against openssl? https://github.com/openssl/openssl/issues/18729 is now opened > and uses the digestAlgorithm field and the certificate public key in the course of its EVP_DigestVerify...

There's a pretty complicated set of issues surrouding TLS SNI usage and what's deployable, and we haven't quite covered all of it yet, here. As @enygren notes, SNI is vital...

> thanks, but I'm insisting on the "no API break" as I'd like to see it in 1.1.1 too > > and there are still ciphertexts that will return errors...

> It's actually quite unclear what a zero length ticket even means in TLSv1.2. But at least it is syntactically allowed. I think it's pretty clear, actually: ```quote 3.3. NewSessionTicket...