Re: [TLS] Another IRINA bug in TLS
Santiago Zanella-Beguelin <santiago@microsoft.com> Sun, 24 May 2015 12:59 UTC
Return-Path: <santiago@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AC3D1A8AE0 for <tls@ietfa.amsl.com>; Sun, 24 May 2015 05:59:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.302
X-Spam-Level:
X-Spam-Status: No, score=-1.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_18=0.6, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RSTRHeSDVgfq for <tls@ietfa.amsl.com>; Sun, 24 May 2015 05:59:40 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1on0723.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::723]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1864D1A8AE3 for <tls@ietf.org>; Sun, 24 May 2015 05:59:39 -0700 (PDT)
Received: from CY1PR0301MB1257.namprd03.prod.outlook.com (10.161.212.155) by CY1PR0301MB0841.namprd03.prod.outlook.com (10.160.163.147) with Microsoft SMTP Server (TLS) id 15.1.166.22; Sun, 24 May 2015 12:59:20 +0000
Received: from BY2PR03CA002.namprd03.prod.outlook.com (10.255.93.19) by CY1PR0301MB1257.namprd03.prod.outlook.com (10.161.212.155) with Microsoft SMTP Server (TLS) id 15.1.166.22; Sun, 24 May 2015 12:59:18 +0000
Received: from BL2FFO11FD054.protection.gbl (10.255.93.4) by BY2PR03CA002.outlook.office365.com (10.255.93.19) with Microsoft SMTP Server (TLS) id 15.1.172.22 via Frontend Transport; Sun, 24 May 2015 12:59:18 +0000
Authentication-Results: spf=pass (sender IP is 206.191.250.196) smtp.mailfrom=microsoft.com; cs.auckland.ac.nz; dkim=none (message not signed) header.d=none;
Received-SPF: Pass (protection.outlook.com: domain of microsoft.com designates 206.191.250.196 as permitted sender) receiver=protection.outlook.com; client-ip=206.191.250.196; helo=064-smtp-out.microsoft.com;
Received: from 064-smtp-out.microsoft.com (206.191.250.196) by BL2FFO11FD054.mail.protection.outlook.com (10.173.161.182) with Microsoft SMTP Server (TLS) id 15.1.172.14 via Frontend Transport; Sun, 24 May 2015 12:59:16 +0000
Received: from DB4PR30MB032.064d.mgd.msft.net (141.251.50.216) by DB4PR30MB032.064d.mgd.msft.net (141.251.50.216) with Microsoft SMTP Server (TLS) id 15.1.112.16; Sun, 24 May 2015 12:59:15 +0000
Received: from DB4PR30MB032.064d.mgd.msft.net ([141.251.50.216]) by DB4PR30MB032.064d.mgd.msft.net ([141.251.50.216]) with mapi id 15.01.0112.000; Sun, 24 May 2015 12:59:14 +0000
From: Santiago Zanella-Beguelin <santiago@microsoft.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] Another IRINA bug in TLS
Thread-Index: AdCUn0KvDdHZ+lmQNUW54l67jurcrQAGEh4FAFmzKQAAABp43w==
Date: Sun, 24 May 2015 12:59:14 +0000
Message-ID: <1432472352214.2674@microsoft.com>
References: <9A043F3CF02CD34C8E74AC1594475C73AB029727@uxcn10-tdc05.UoA.auckland.ac.nz>, <1432317148442.5357@microsoft.com>, <9A043F3CF02CD34C8E74AC1594475C73AB02AC90@uxcn10-tdc05.UoA.auckland.ac.nz>
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73AB02AC90@uxcn10-tdc05.UoA.auckland.ac.nz>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [109.216.4.228]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Microsoft-Exchange-Diagnostics: 1; BL2FFO11FD054; 1:wajfz4BEd/2GjHik4loItzi38toICJVQkEdccJsckfUNjnwvMdSz7wrPr+T5KhY/PucHVJQgTGXKL0aBXi2THvdyzfDxeS8UJiNnh+2/M/+Umryu99FIn5P5lGvz6cYyTT6uoex9qLFZeC3LZVFFyYmkQg4TNl8W0N+23IsoZ18XpU1RyyP7bAJnDiK/d2sD/rI952Ndqrbx/EnZ7R06NcskMLNZKWaVjiIkmM9aym5DV6eXR9+19gUSStKZ4IIAgkFQmWcBu4AYRgNVsBHGog==
X-Forefront-Antispam-Report: CIP:206.191.250.196; CTRY:US; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(438002)(199003)(189002)(106466001)(68736005)(4001540100001)(5001860100001)(2900100001)(62966003)(16796002)(77156002)(2950100001)(54356999)(76176999)(50986999)(50466002)(102836002)(92566002)(36756003)(81156007)(97736004)(86612001)(64706001)(86362001)(5001770100001)(5001960100002)(47776003)(107886002)(189998001)(5001830100001)(23756003)(6806004)(46102003)(87936001)(86146001)(2656002)(69596002)(117636001)(66066001)(491001); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR0301MB1257; H:064-smtp-out.microsoft.com; FPR:; SPF:Pass; PTR:ErrorRetry; A:1; MX:1; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; CY1PR0301MB1257; 2:4NXVjx/P1k4crUxvYpx1stEluU8q6110pbrFgT6UGV7woJVpT3QcDxEnMODHe1cP; 2:elPaPEbGdHiUvwwzkSIqPvuGVQ734SlYryQAcszwmr+2/huQt8ZF0Ah6HO0GBJm71+AjQL6hr0+YC2y/p1t0wh5lxb+1tUJfRRfCGB5iYE5TKeUY2Cwf4lMYtkhkbKemD/64dmWeHRocsZtvQE9o0K6vlDezlTEMwHb3Tp+ltY+M2bkNAOM/hwgvjG3lA5zwP8cFUt3zyIvOzci9/0GcU8XIugxYVqe9FQfrT1zR3tClrbZT3KY95UcYpedcWRur; 6:YFkRDa8zeghM9ORVmNVJq+SUBezxWqylXFhDYIVRTMwyax+t6hZH3WnPJitHvpIzENHh+D+/B7OWPFFAasrvu8Vg3kGVfce8ov4f/CwVVvpLIOkq29NfFveMs7U41h1jrIK+hN4mhK5aQ46JHCLo3O1SjEdkT8YnfC5tGLMoomeULMiMtshhR0Lm8psbANcjTzgXb4FanVZ4P9qN6pn8jmpSY7DWxfjMOo52k6CslKaFHaEayt0q4H8rYvaVRU3Du6KV1sW4kJAGChjp43h58lRuPxBGIWapmHwyZ8ub4wWVVE/rr7ysxZKVGu5WAp0+bRdFMLfibTgfXiqAmkJzoENcC+VjTt5/xl8MAc3NauVG1MqfEhKlQXsHL9FQkqEqL1FKDyH3ZGqnQ+pO3GAHQ1op0eF3QPuiNLGSY5gaRurt/BNJDG1NRQnzD55B565xfS4dbkXeXvR8+FxUlcCrcd1n2AtVmHkGmPwsEYamFdQy128hNC5AK846/lnDu0/j
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:; SRVR:CY1PR0301MB1257; UriScan:; BCL:0; PCL:0; RULEID:; SRVR:CY1PR0301MB0841;
X-Microsoft-Antispam-PRVS: <CY1PR0301MB125739A9D3D4C2961521098AC9CE0@CY1PR0301MB1257.namprd03.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(2401001)(5005006)(520002)(3002001); SRVR:CY1PR0301MB1257; BCL:0; PCL:0; RULEID:; SRVR:CY1PR0301MB1257;
X-Microsoft-Exchange-Diagnostics: 1; CY1PR0301MB1257; 3:M+jrljAFS9j0mjwSuza5czK7teM45XUG9Wi0+3SwcYv0fA1e0g8YDDYyQf2dnmmnGkn/20mGg6H7dMWQy+8uZZx+r4mQHCnvNvNQEBfsFkWolBQKriTHbkMUKCmgPw1xkvP8UEcTpmYjBRBcnHCDMi7q0R45rm+LUwlwqaF+lCm1qQZm0wF5i71k2OHpJ9Ophs3IB4qbO4DNCk5Ge0PVZ+9+B+v2PD2w0G9l2K7Ju3fnwKwbb3dcXeyH/kQgvrTHvZZXi11Kxi44ZAjzlFiX9LfKdVhOIPQX6gBas+EuVeV/FomyvbF5PatY5VCyqiFiEKjJuBGoc015EcKKfoLaiQ==
X-Forefront-PRVS: 058637CA05
X-Microsoft-Exchange-Diagnostics: 1; CY1PR0301MB1257; 9:sRo2usngLPUKO22O8zthh+yVipRqoYEf4Oiq5U3oFXOPcv2HaysOfH4NoEOm/sGhpjZuNmx96t0GCAm0aJaQPxRtGrmfGRCXr7WQcyJwieB+U1leFz90Mg2qYF0LbM0zDEUh16lDiJtBGzylXi+Z2osMg3x5qdyZn4KjY7mD+XmETsve4hftuzIDsG12B8PvAO4m8lrPGD5MDpm028vM0HvLYl0oSSgpsTiTloLsBcAT/1g0yrc2LPOUpFsQuxmOPNlAL2uHyjJmNqJOPPjW22tECxI8N9UwU4pj9lvRM1dE92NdZNAcavTiMC3OXC6yCxRBki8W1rPvILOreyWgJWzJk95m6tC6NFHwVXRddBGs9txqXC2JvodjxJdIC4DkfkXWqK2dhnTGTvR+aNYE3Om87zAEo9SD5f5YbUknjtNbMBzvhQD0Z5GltzjGajKZYTC/D/kcg8j3I1Nm74CPwrLZhHUGUpU8ub95wso/SBOZsZ5S+vQpN0rYyGHlVGSwnnMRZ27xkNWj+Rxg8wKMgntXsE+o8lt4mPvMF0tYoO5UFuy6kMXp3KEvPa9Gcjk2E3fYx01tfhhmQ+NpeoMYoyhmdU3F27TliWdzC81167hNPBWLQY5G61DKF/ghSJ6yJNMv0+YV8FHaDWREdcEfNqTaPQGLV7FCAhYllaCVzCkjYgykfiahq1EY86+IqJXon6oA6AVMrXCqDoSCyr67wLRuFAk3e7ui8QHPyPsS/QxWhfdvsuxdjAKdZLMBUsh6M3tSE0r++ayCeyN08g0HhOpypbZ9JscI81m1J/awzfvwL/QkW+ZKJd0YTVa2q47fqQHtOV+8oufM1XL3adsB3dMZiBfROis8dlKuRnx3NadvMppdD1cn9Z1oLb2MGIOH5KAPCJS8XEFDNly13YO6ty9YYluFWJ4KBznhTnT77Y/i4QCAbsLX6jsQaE1u3eN+IrRFvqIBr9tbeelr43ym8HGGSZXQsdM9wH2M9fgOKRU1K9iD5gzZDZA0H+h/1dfsf2eVRAA1fAn8rZQ053rs1QKiBABOUpFVswFT1+hEE2apvU+NjJGJCfUU64t4kU1v
X-Microsoft-Exchange-Diagnostics: 1; CY1PR0301MB1257; 3:gLJEh2nOnK5ft9HGH6c5bQW4z0ISevjD8ONAN3kTx3UdCDrk9o4wws72bIz/5GFcmZYJUbo5I752uomRLLENWieZgyLO9WjGHUdnPElV8+YUsLtLK1KsuSc+vt4CeAl4gxya/X4xtgiP7QxwdpQIjg==; 10:mj6PAewkAWPGDOlZo+h8zuGTZ/NAIVwnZpEiWUZPArrNHWIqS47JMYvc1trw2ZYLgJWlqIgKASHQhFS52ufTbQ9D/qtS+SZ9Lu89+Uc9EBg=; 6:xjrWig1bOAH5+qszkQwxpHHZTYwy/bQC+zlyy31oFajF6NXnZNMcdKd1SQX4rpIm
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 May 2015 12:59:16.9823 (UTC)
X-MS-Exchange-CrossTenant-Id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=72f988bf-86f1-41af-91ab-2d7cd011db47; Ip=[206.191.250.196]; Helo=[064-smtp-out.microsoft.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0301MB1257
X-Microsoft-Exchange-Diagnostics: 1; CY1PR0301MB0841; 2:fB5Kwky8omZytMfbg87MNIAEMuuEfiiUW0IuAtqlXKg4giJV4aRk7xfW5YMX36zB; 2:RKzfAFsmm8xByG7IYsLNt9/XBSP2SDJ5XOH7ivuGbcEP8cEEq2mGyfKtRWLUfWpqKHZHVqDrpBlfYbD8myDYLStAQmjgDbviS9TDnS9zWxu5bl8EbMVUcJq5TdRXuhNPVh9H8aGcdMyG50STgngfsFx5qa2Hw5lLnm4/D1nEPp829H5uny7WUIuFzdFmupCr6MRdQ3qy9Qs58xpOw27H+OJEnkdqlRLcaS8FrTZnQ+XFeovIutbDpupGYXmSLzs4; 9:DPCm4HzV5bZNQnSIbN/G/PIketTRG6wUPbS27n/2VsSej/K8Wk4Rj4DzIk6Bei9akzwf9Boo1+NhCPc/YswLWAenmJugliFgK8w0E9O44DGwDBwlC5RKF1pewSaX1VnNXUQ0/AMCV+OX4qD0Wd0d4w==
X-OriginatorOrg: microsoft.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/8hTre5faXNY8345rwVkIsODchIc>
Subject: Re: [TLS] Another IRINA bug in TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 May 2015 12:59:41 -0000
> Just out of interest and if you have any sort of figures, what sort of > rejection rate do you get, and what sort of distribution do you see for g=2 > vs. g=anything else? Sorry, we don't have that sort of telemetry. > I've seen a lot of g=2, then some g <= 8 bits, and a > very few sizeof( g ) == sizeof( p ) which I suspect is the q vs. g confusion > mentioned elsewhere For DSA parameters, sizeof(g) == sizeof(p) is what's expected. Rather, sizeof(g) == sizeof(q) would be very suspicious. > (looking at dh_check.c, I see that it comments out the > check for g=3, implying perhaps that it's not seen in the wild?). Are you talking about OpenSSL? I don't know what it checks. > However because I typically don't have direct contact with, or control over, end > users, only developers building end-user products, in my case any check with a > FP rate greater than zero is going to cause headaches. Even something as > simple as rejecting obviously bogus g values (which is what the broken PLC > I've mentioned previously does, among assorted other bugs) causes problems > because what matters is availability, not correct use of DH values (or correct > implementation of the TLS protocol). Then I'm afraid I cannot help you. What matters to me the most is security, not being able to interoperate with servers using buggy parameters or insecure implementations of TLS.
- [TLS] Another IRINA bug in TLS Watson Ladd
- Re: [TLS] Another IRINA bug in TLS Tom Ritter
- Re: [TLS] Another IRINA bug in TLS Ilari Liusvaara
- Re: [TLS] Another IRINA bug in TLS Nikos Mavrogiannopoulos
- Re: [TLS] Another IRINA bug in TLS Aaron Zauner
- Re: [TLS] Another IRINA bug in TLS Nikos Mavrogiannopoulos
- Re: [TLS] Another IRINA bug in TLS Watson Ladd
- Re: [TLS] Another IRINA bug in TLS Salz, Rich
- Re: [TLS] Another IRINA bug in TLS Santiago Zanella-Beguelin
- Re: [TLS] Another IRINA bug in TLS Martin Rex
- Re: [TLS] Another IRINA bug in TLS Peter Gutmann
- Re: [TLS] Another IRINA bug in TLS Nikos Mavrogiannopoulos
- Re: [TLS] Another IRINA bug in TLS Nikos Mavrogiannopoulos
- Re: [TLS] Another IRINA bug in TLS Yuhong Bao
- Re: [TLS] Another IRINA bug in TLS Karthikeyan Bhargavan
- Re: [TLS] Another IRINA bug in TLS Florian Weimer
- Re: [TLS] Another IRINA bug in TLS Nikos Mavrogiannopoulos
- Re: [TLS] Another IRINA bug in TLS Santiago Zanella-Beguelin
- Re: [TLS] Another IRINA bug in TLS Peter Gutmann
- Re: [TLS] Another IRINA bug in TLS Yngve N. Pettersen
- Re: [TLS] Another IRINA bug in TLS Peter Gutmann
- Re: [TLS] Another IRINA bug in TLS Yoav Nir
- Re: [TLS] Another IRINA bug in TLS Antoine Delignat-Lavaud
- Re: [TLS] Another IRINA bug in TLS Florian Weimer
- Re: [TLS] Another IRINA bug in TLS Nikos Mavrogiannopoulos
- Re: [TLS] Another IRINA bug in TLS Florian Weimer
- Re: [TLS] Another IRINA bug in TLS Santiago Zanella-Beguelin
- Re: [TLS] Another IRINA bug in TLS Florian Weimer
- Re: [TLS] Another IRINA bug in TLS Nikos Mavrogiannopoulos
- Re: [TLS] Another IRINA bug in TLS Santiago Zanella-Beguelin
- Re: [TLS] Another IRINA bug in TLS Santiago Zanella-Beguelin
- Re: [TLS] Another IRINA bug in TLS Aaron Zauner
- Re: [TLS] Another IRINA bug in TLS Aaron Zauner
- Re: [TLS] Another IRINA bug in TLS Santiago Zanella-Beguelin
- Re: [TLS] Another IRINA bug in TLS Nikos Mavrogiannopoulos
- Re: [TLS] Another IRINA bug in TLS Dave Garrett
- Re: [TLS] Another IRINA bug in TLS Aaron Zauner
- Re: [TLS] Another IRINA bug in TLS Watson Ladd
- Re: [TLS] Another IRINA bug in TLS Santiago Zanella-Beguelin
- Re: [TLS] Another IRINA bug in TLS Santiago Zanella-Beguelin
- Re: [TLS] Another IRINA bug in TLS Santiago Zanella-Beguelin
- Re: [TLS] Another IRINA bug in TLS Dan Brown
- Re: [TLS] Another IRINA bug in TLS Watson Ladd
- Re: [TLS] Another IRINA bug in TLS Dan Brown
- Re: [TLS] Another IRINA bug in TLS Jeffrey Walton
- Re: [TLS] Another IRINA bug in TLS Nico Williams
- Re: [TLS] Another IRINA bug in TLS Peter Gutmann
- Re: [TLS] Another IRINA bug in TLS Jeffrey Walton
- Re: [TLS] Another IRINA bug in TLS Santiago Zanella-Beguelin
- Re: [TLS] Another IRINA bug in TLS Kurt Roeckx
- Re: [TLS] Another IRINA bug in TLS Karthikeyan Bhargavan
- Re: [TLS] Another INRIA bug in TLS Daniel Kahn Gillmor
- Re: [TLS] Another INRIA bug in TLS Andrei Popov
- Re: [TLS] Another INRIA bug in TLS Martin Thomson
- Re: [TLS] Another INRIA bug in TLS Martin Thomson
- Re: [TLS] Another IRINA bug in TLS Tony Arcieri
- Re: [TLS] Another INRIA bug in TLS Jeffrey Walton
- Re: [TLS] Another INRIA bug in TLS Tanja Lange
- Re: [TLS] Another IRINA bug in TLS Tanja Lange
- Re: [TLS] Another INRIA bug in TLS Andrey Jivsov
- Re: [TLS] Another IRINA bug in TLS Santiago Zanella-Beguelin
- Re: [TLS] Another INRIA bug in TLS Martin Thomson
- Re: [TLS] Another IRINA bug in TLS Santiago Zanella-Beguelin
- Re: [TLS] Another INRIA bug in TLS Karthikeyan Bhargavan
- Re: [TLS] Another IRINA bug in TLS Kurt Roeckx
- Re: [TLS] Another IRINA bug in TLS Kurt Roeckx
- Re: [TLS] Another INRIA bug in TLS Stephen Farrell
- Re: [TLS] Another IRINA bug in TLS Santiago Zanella-Beguelin
- Re: [TLS] Another INRIA bug in TLS Santiago Zanella-Beguelin
- Re: [TLS] Another IRINA bug in TLS Watson Ladd
- Re: [TLS] Another IRINA bug in TLS Jeffrey Walton
- Re: [TLS] Another IRINA bug in TLS Watson Ladd
- Re: [TLS] Another IRINA bug in TLS Peter Gutmann
- Re: [TLS] Another IRINA bug in TLS Karthikeyan Bhargavan
- Re: [TLS] Another IRINA bug in TLS Peter Gutmann
- Re: [TLS] Another IRINA bug in TLS Tanja Lange
- Re: [TLS] Another IRINA bug in TLS Santiago Zanella-Beguelin
- Re: [TLS] Another IRINA bug in TLS Peter Gutmann
- Re: [TLS] Another IRINA bug in TLS Santiago Zanella-Beguelin
- Re: [TLS] Another IRINA bug in TLS Andrey Jivsov
- Re: [TLS] Another IRINA bug in TLS Hubert Kario
- Re: [TLS] Another IRINA bug in TLS Hubert Kario
- Re: [TLS] Another IRINA bug in TLS Karthikeyan Bhargavan
- Re: [TLS] Another IRINA bug in TLS Karthikeyan Bhargavan
- Re: [TLS] Another IRINA bug in TLS Hubert Kario
- Re: [TLS] Another IRINA bug in TLS Daniel Kahn Gillmor
- Re: [TLS] Another IRINA bug in TLS Jeffrey Walton
- Re: [TLS] Another IRINA bug in TLS Andrei Popov
- Re: [TLS] Another IRINA bug in TLS Nico Williams
- Re: [TLS] Another INRIA bug in TLS Nico Williams