ietf
[Top] [All Lists]

Re: I-D Action: draft-thomson-postel-was-wrong-01.txt

2017-06-19 10:02:23
On Mon, 19 Jun 2017, Eric Rescorla wrote:

      Also the consequences of being strict can be worse. Should a TLS 
connection fail if the nonce size for the
      integrity algorithm is too weak?

Not to get too into the weeds, but this isn't a coherent question: In TLS 1.1 
and TLS 1.2 [0]
the size of the nonce is associated with the cipher suite and it's encoded onto 
the wire
without framing. If the sender uses the wrong nonce size, you just get 
integrity failures.

Ok you caught me on a last minute IKE -> TLS word-smithing change :)

We did run into this in our IKE implementation when going through FIPS
validation. And it seemed no one care that our values were too small
to do SHA2_512.

Paul

<Prev in Thread] Current Thread [Next in Thread>