Joe Birr-Pixton
~~not worth reviewing yet:~~ - ~~I've broken ECH~~ (now fixed) - ~~I've commented out a slab of tests~~ - ~~For other tests, I'm not super happy that they mean making...
We can choose carefully when to merge this. The final commit is 100% mechanical, but it will cause significant conflicts in other PRs.
We should -- experimentally and optionally -- support [X25519Kyber768Draft00](https://datatracker.ietf.org/doc/draft-tls-westerbaan-xyber768d00/) and track the drafts through standardisation. We could perhaps do this in a separate crate which exports a `CryptoProvider` based on...
I think the ticketer code should be relying only on monotonic time so tickets have the desired lifetime irrespective of system clock jumps.
For background, see https://mailarchive.ietf.org/arch/msg/tls/3SoegXZowJM567_O6Fh2_LCFkPU/ We choose a suitable key exchange group in the way described in https://www.ietf.org/archive/id/draft-davidben-tls-key-share-prediction-00.html#name-downgrades which puts emphasis on avoiding a HelloRetryRequest, at the expense of client or...
# Background Currently a single rustls connection owns several buffers: - incoming TLS data, that has been read with `read_tls()` but not yet processed by `process_new_packets()`. This is embedded into...
In TLS1.2, this actually means ECDSA_SHA512. If the peer selects that, we get caught out depending on the curve of the public key because we don't support (for example) `ECDSA_NISTP256_SHA512`....
We should extend our benchmarking programs to demonstrate/validate the performance benefit in these APIs.
Hello! I've been looking over https://github.com/hacl-star/hacl-star/tree/afromher_rs/dist/rs/src linked from https://jonathan.protzenko.fr/2024/03/20/hacl-rs.html. Very interested in having a verified, pure rust cryptography library, so this is exciting. Some comments: 1/ There seems to be...
examples: - https://rustsec.org/advisories/RUSTSEC-2023-0083.html links to https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H - https://rustsec.org/advisories/RUSTSEC-2024-0336.html links to https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H The example report at https://github.com/rustsec/advisory-db/blob/main/EXAMPLE_ADVISORY.md?plain=1#L12 does include the version qualifier, so the contents of advisory-db for these two reports...