Brian Kamotho

icon indicating a website link https://unwindprotect.com icon indicating an email [email protected]

icon location Kenya icon location One of several billion human beings

Results 4 issues of Brian Kamotho

Validate received DH parameters to counter MITM as per https://tools.ietf.org/html/rfc7457#section-2.9

Validate parameters as in rfc2631 or ANSI X9.42 to ensure the parameters we receive from the other party are cryptographically secure.

enhancement

#'generate-dh-params in DH/diffie-hellman.lisp does not pass correctness test

The function that implements section 2.2.1.1 of rfc2631 needs to be rewritten. This is needed because the current implementation does not pass the correctness tests in the specs.

bug

Add support for OCSP stapling

Specified in https://tools.ietf.org/html/rfc6961 OCSP stapling eliminates privacy concerns for OCSP and saves bandwidth for clients by requiring server to query OCSP responders themselves.

enhancement

Implement https://tools.ietf.org/html/rfc7366 in response to https://tools.ietf.org/html/rfc7457#section-2.4

This requires creating modified versions of the functions #'encrypt-and-send and #'ciphertext-to-compressed that handle mac-then-encrypt rather than encrypt-then mac. In addition, add mechanisms to the hello messages to facilitate negotiating this...

enhancement