[Cryptography] IPsec DH parameters, other flaws
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sun Jul 12 02:48:43 EDT 2020
William Allen Simpson <william.allen.simpson at gmail.com> writes:
>Authenticate the list of supported methods/transforms.
This was finally added in TLS 1.2 as the session hash/extended master secret.
No browser that I'm aware of implements it.
>Authenticate outside of encryption,
>
>Obviously, it has taken decades, and we still cannot get everybody to stop
>running SSL or TLS 1.0.
was still fought tooth and nail in TLS 1.2 before it was added. In the end I
applied the nuclear option and called for a vote of no confidence in the WG
chair for blocking adoption, at which point it was reluctantly passed.
No browser that I'm aware of implements it.
Peter.