| d329bc5 | EKR | 10 March 2017, 23:08:26 UTC | Update changelog | 10 March 2017, 23:08:26 UTC |
| cb8adb9 | EKR | 10 March 2017, 23:03:11 UTC | Clarify the HRR->PSK interaction | 10 March 2017, 23:03:11 UTC |
| be1e164 | EKR | 10 March 2017, 22:46:07 UTC | Update change log | 10 March 2017, 22:46:07 UTC |
| 7a68076 | ekr | 10 March 2017, 22:36:21 UTC | Merge pull request #904 from ekr/clean_up_post_ch1_reify Add cipher suite to the HRR. This makes it slightly easier for the | 10 March 2017, 22:36:21 UTC |
| f4841f2 | EKR | 10 March 2017, 16:48:04 UTC | Text clarification | 10 March 2017, 16:48:04 UTC |
| 5a89e45 | ekr | 10 March 2017, 01:40:47 UTC | Merge pull request #905 from ekr/pr870_cert_plus_psk Clarify the relationship between PSK and certificates. Closes #870 | 10 March 2017, 01:40:47 UTC |
| a6b5626 | EKR | 10 March 2017, 01:38:23 UTC | Add comma | 10 March 2017, 01:38:23 UTC |
| 6201de3 | EKR | 10 March 2017, 01:03:48 UTC | Clarify the relationship between PSK and certificates. Closes #870 | 10 March 2017, 01:04:02 UTC |
| 10f6359 | EKR | 22 January 2017, 00:14:05 UTC | Add cipher suite to the HRR. This makes it slightly easier for the client to implement because it knows what hash the server will select. Also clarify the language about HRR and Key Shares. | 10 March 2017, 00:23:40 UTC |
| 38f0791 | ekr | 09 March 2017, 23:24:49 UTC | Merge pull request #901 from ekr/hash_ch_before_hrr2 Special-case the hash for CH1 when HRR is used. This allows the | 09 March 2017, 23:24:49 UTC |
| 3630400 | EKR | 09 March 2017, 23:22:35 UTC | Fix editorial issues for PR #901 | 09 March 2017, 23:22:35 UTC |
| ed35996 | ekr | 08 March 2017, 21:22:43 UTC | Merge pull request #902 from ekr/issue871_ticket_lifetime Warn about eternal ticket extension. Fixes #871 | 08 March 2017, 21:22:43 UTC |
| 1713bce | ekr | 08 March 2017, 17:21:28 UTC | Merge pull request #903 from mattcaswell/fix-record-boundary End of ClientHello and EndOfEarlyData messages should be on a record boundary | 08 March 2017, 17:21:28 UTC |
| ff3d4b4 | Matt Caswell | 08 March 2017, 17:15:35 UTC | End of ClientHello and EndOfEarlyData messages should be on a record boundary An EndOfEarlyData message signals a key change. A ClientHello can be the last message read before a key is changed, and it never makes sense for a ClientHello to have more data after it in the record. | 08 March 2017, 17:19:42 UTC |
| 92a7b1a | EKR | 08 March 2017, 16:52:07 UTC | Warn about eternal ticket extension. Fixes #871 | 08 March 2017, 16:52:07 UTC |
| 464ef3b | EKR | 22 January 2017, 00:05:50 UTC | Special-case the hash for CH1 when HRR is used. This allows the server to just store H(CH1) when doing HRR. | 08 March 2017, 16:48:42 UTC |
| ca8fad3 | ekr | 08 March 2017, 16:15:12 UTC | Merge pull request #897 from davidben/there--are--four--keys Tidy up singular vs. plural session keys. | 08 March 2017, 16:15:12 UTC |
| eefb7f6 | EKR | 08 March 2017, 16:14:20 UTC | Remove unnecessary arrowheads | 08 March 2017, 16:14:20 UTC |
| c63a646 | ekr | 08 March 2017, 16:13:37 UTC | Merge pull request #899 from mimoo/fixing_hkdf_extract_syntax fix consistency of the key schedule diagram | 08 March 2017, 16:13:37 UTC |
| da819b5 | EKR | 08 March 2017, 16:13:12 UTC | Derive-Secret can now have an argument from the top. Closes #900 | 08 March 2017, 16:13:12 UTC |
| 3953ef4 | david | 08 March 2017, 11:25:45 UTC | fix consistency of the key schedule diagram | 08 March 2017, 11:25:45 UTC |
| cc51013 | EKR | 07 March 2017, 17:42:12 UTC | Fix exporter definition bustage from PR#882. Fixes #898 | 07 March 2017, 17:42:12 UTC |
| 36f0088 | David Benjamin | 07 March 2017, 04:34:46 UTC | MT comments | 07 March 2017, 04:34:46 UTC |
| 74fd327 | David Benjamin | 07 March 2017, 04:21:00 UTC | Tidy up singular vs. plural session keys. Follow-up to 3996e459d1bc697b0b23a048cbe94496140bc3b5. | 07 March 2017, 04:21:25 UTC |
| 3996e45 | EKR | 07 March 2017, 03:32:32 UTC | Fix the security analysis to indicate that it's the keys derived from the master key that are unique, not the master key itself. Thanks to @davidben for pointing this out | 07 March 2017, 03:32:43 UTC |
| 2c72e1f | EKR | 07 March 2017, 00:29:54 UTC | Clarify what max_early_data_size refers to | 07 March 2017, 00:29:54 UTC |
| c6f4971 | ekr | 07 March 2017, 00:28:20 UTC | Merge pull request #875 from ekr/extract_expand_parity Add an extra Derive-Secret stage prior to HKDF-Extract. This has two | 07 March 2017, 00:28:20 UTC |
| c8f5a50 | EKR | 07 March 2017, 00:25:38 UTC | Update changelog | 07 March 2017, 00:25:38 UTC |
| 4819c02 | EKR | 07 March 2017, 00:21:38 UTC | Make the labels the same. Clean up diagram a bit | 07 March 2017, 00:21:38 UTC |
| b31e2df | Leon Klingele | 05 March 2017, 00:10:02 UTC | Closing the connection after receiving a fatal alert is required. Use MUST. | 06 March 2017, 22:51:40 UTC |
| 171b431 | Leon Klingele | 05 March 2017, 00:09:23 UTC | Uppercase 'MUST' | 06 March 2017, 22:51:40 UTC |
| be823cb | Leon Klingele | 05 March 2017, 00:08:44 UTC | Alert MUST be ignored | 06 March 2017, 22:51:40 UTC |
| d8a18dd | Leon Klingele | 05 March 2017, 00:08:13 UTC | Uppercase 'MAY' | 06 March 2017, 22:51:40 UTC |
| 034767c | Leon Klingele | 05 March 2017, 00:07:49 UTC | Use MUST / MAY for specification of 'Certificate Request' | 06 March 2017, 22:51:40 UTC |
| 10dd48f | Leon Klingele | 05 March 2017, 00:07:08 UTC | 'MUST behave' | 06 March 2017, 22:51:40 UTC |
| 5bb510a | Leon Klingele | 05 March 2017, 00:06:36 UTC | Uppercase 'SHOULD' | 06 March 2017, 22:51:40 UTC |
| 35869bc | Leon Klingele | 05 March 2017, 00:05:34 UTC | Use MAY / MUST NOT in extension requests definition [revised by ekr] | 06 March 2017, 22:51:01 UTC |
| 84b9578 | ekr | 06 March 2017, 22:45:17 UTC | Merge pull request #896 from katrielalex/contributions-for-the-contribution-god Add myself as contributor | 06 March 2017, 22:45:17 UTC |
| f23274a | Katriel Cohn-Gordon | 06 March 2017, 22:09:09 UTC | Add myself as contributor | 06 March 2017, 22:17:01 UTC |
| a3ad276 | Leon Klingele | 04 March 2017, 23:54:21 UTC | Use 'an' instead of 'a' | 06 March 2017, 22:05:23 UTC |
| 725e050 | Leon Klingele | 04 March 2017, 23:52:18 UTC | Uppercase 'X' in 'X25519' and 'X448' | 06 March 2017, 22:05:23 UTC |
| a8a1f45 | Leon Klingele | 04 March 2017, 23:46:04 UTC | Add missing comma [revised from leonklingele's original by ekr] | 06 March 2017, 22:04:39 UTC |
| 6c4b305 | Leon Klingele | 04 March 2017, 23:44:25 UTC | Split word | 06 March 2017, 22:04:39 UTC |
| f90dba8 | Leon Klingele | 04 March 2017, 23:43:43 UTC | Add unit of a number | 06 March 2017, 22:04:39 UTC |
| 7a063a3 | Leon Klingele | 04 March 2017, 23:42:31 UTC | Add missing hyphen symbols | 06 March 2017, 22:04:39 UTC |
| 285bb55 | Leon Klingele | 04 March 2017, 23:41:43 UTC | Lowercase 'certificate' | 06 March 2017, 22:04:39 UTC |
| 6c34233 | Leon Klingele | 04 March 2017, 23:39:29 UTC | Lowercase 'length' | 06 March 2017, 22:04:39 UTC |
| bac7599 | Leon Klingele | 04 March 2017, 23:38:02 UTC | Make use of 'TLS' more uniform [revised from leonklingele's original by ekr] | 06 March 2017, 22:04:39 UTC |
| 60ca907 | Leon Klingele | 04 March 2017, 23:36:17 UTC | Add 'as described in' | 06 March 2017, 22:04:39 UTC |
| d11e659 | Leon Klingele | 04 March 2017, 23:34:30 UTC | Use correct plural / singlar form | 06 March 2017, 22:04:39 UTC |
| 65b05e5 | Leon Klingele | 04 March 2017, 23:34:15 UTC | Command -> 'and' | 06 March 2017, 22:04:39 UTC |
| 521b7f6 | Leon Klingele | 04 March 2017, 23:31:58 UTC | Update 'octets' -> 'bytes' to better preserve context | 06 March 2017, 22:04:39 UTC |
| abefdea | EKR | 04 March 2017, 23:31:26 UTC | Add article before version [replaces leonklingele's original commit.] | 06 March 2017, 22:04:39 UTC |
| 80f0b54 | Leon Klingele | 04 March 2017, 23:28:59 UTC | x-dash-byte | 06 March 2017, 22:04:39 UTC |
| ef8a89a | Leon Klingele | 04 March 2017, 23:26:30 UTC | Remove redundant whitespace in word composition | 06 March 2017, 22:04:39 UTC |
| 163646a | Leon Klingele | 04 March 2017, 23:24:29 UTC | Make it more clear which value is meant | 06 March 2017, 22:04:39 UTC |
| aa697fd | Leon Klingele | 04 March 2017, 23:24:00 UTC | Add 'see's | 06 March 2017, 22:04:39 UTC |
| a52df58 | EKR | 06 March 2017, 20:57:00 UTC | Second tranche of removing the use of 'session'. Partly cherry-picked from PR#895 | 06 March 2017, 20:57:00 UTC |
| 8eca8c8 | EKR | 06 March 2017, 20:51:56 UTC | First tranche of removing the use of 'session'. Cherry-picked from PR#895 | 06 March 2017, 20:51:56 UTC |
| d5dcbc5 | EKR | 06 March 2017, 20:40:55 UTC | Merge branch 'issue836_failed_binders' | 06 March 2017, 20:40:55 UTC |
| 2ecfbb5 | EKR | 06 March 2017, 19:31:21 UTC | Clarify behavior for unknown PSKs | 06 March 2017, 19:31:21 UTC |
| 19bc9dc | ekr | 06 March 2017, 19:01:06 UTC | Merge pull request #882 from martinthomson/exporter_two_step Add an additional Derive-Secret to exporters | 06 March 2017, 19:01:06 UTC |
| 4865b47 | ekr | 04 March 2017, 22:06:05 UTC | Merge pull request #867 from katrielalex/post-compromise-security Clarify post-compromise (in)security and KCI resistance. | 04 March 2017, 22:06:05 UTC |
| a915478 | EKR | 04 March 2017, 22:04:21 UTC | Merge remote-tracking branch 'tlswg/master' | 04 March 2017, 22:04:21 UTC |
| 17dcdb7 | EKR | 04 March 2017, 22:03:20 UTC | Add reference to test vectors draft. Closes #866. | 04 March 2017, 22:03:41 UTC |
| b2d8014 | ekr | 04 March 2017, 22:01:58 UTC | Merge pull request #860 from kazu-yamamoto/fix-spaces adjusting the number of spaces. | 04 March 2017, 22:01:58 UTC |
| dde9964 | EKR | 04 March 2017, 22:01:00 UTC | Merge branch 'master' of github.com:tlswg/tls13-spec | 04 March 2017, 22:01:00 UTC |
| b40196f | EKR | 04 March 2017, 22:00:25 UTC | Fix text to have an explicit SHOULD. Follow-up on PR#859 | 04 March 2017, 22:00:25 UTC |
| be2f889 | EKR | 04 March 2017, 21:59:33 UTC | Merge remote-tracking branch 'davidben/x25519-note-move' | 04 March 2017, 21:59:33 UTC |
| ce516e4 | ekr | 04 March 2017, 21:58:20 UTC | Merge pull request #858 from davidben/update-obfuscated-ticket-age obfuscated_ticket_age can also update on HRR. | 04 March 2017, 21:58:20 UTC |
| 4a747df | EKR | 04 March 2017, 21:56:45 UTC | Re-add tag values to VariantTag. This is required by S 3.5 "Every element of an enumerated must be assigned a value, as demonstrated in the following example." @kazu-yamamoto, you may need to update your parser to enforce this rule. | 04 March 2017, 21:56:45 UTC |
| 2a90593 | EKR | 04 March 2017, 21:55:33 UTC | Merge remote-tracking branch 'kazu-yamamoto/no-fallthrough' | 04 March 2017, 21:55:33 UTC |
| 7787348 | ekr | 04 March 2017, 21:30:20 UTC | Merge pull request #890 from leonklingele/secure-random-ticket_age_add 'ticket_age_add' should be generated using a secure RNG | 04 March 2017, 21:30:20 UTC |
| e7c5af6 | ekr | 04 March 2017, 21:30:02 UTC | Merge pull request #889 from leonklingele/server-random-secure Make sure the server random needs to be generated using a CSRNG as well | 04 March 2017, 21:30:02 UTC |
| 92e54fe | ekr | 04 March 2017, 21:29:19 UTC | Merge pull request #891 from leonklingele/add-myself-author Add myself to contributors list | 04 March 2017, 21:29:19 UTC |
| e833570 | ekr | 04 March 2017, 21:29:03 UTC | Merge pull request #888 from leonklingele/tls12-downgrade-random-suffix Specify _which_ servers should set the random value's suffix | 04 March 2017, 21:29:03 UTC |
| 8b38d33 | Leon Klingele | 04 March 2017, 21:26:28 UTC | Add myself to contributors list | 04 March 2017, 21:26:28 UTC |
| 16b30b0 | ekr | 04 March 2017, 20:59:32 UTC | Merge pull request #885 from leonklingele/fix-typo-ae-be zeroes -> zeros | 04 March 2017, 20:59:32 UTC |
| dd60a07 | ekr | 04 March 2017, 20:59:11 UTC | Merge pull request #887 from leonklingele/dh-must-validate-pubkey DH params: Peers MUST validate each other's public key | 04 March 2017, 20:59:11 UTC |
| 89e36bf | Leon Klingele | 03 March 2017, 03:57:07 UTC | 'ticket_age_add' should be generated using a secure RNG | 03 March 2017, 03:57:07 UTC |
| 2b9aac6 | Leon Klingele | 03 March 2017, 03:49:33 UTC | Specify _which_ servers should set the random value's suffix | 03 March 2017, 03:49:33 UTC |
| 9dcdb2f | Leon Klingele | 03 March 2017, 03:47:58 UTC | Make sure the server random needs to be generated using a CSRNG as well | 03 March 2017, 03:47:58 UTC |
| b802794 | Leon Klingele | 03 March 2017, 02:43:12 UTC | DH params: Peers MUST validate each other's public key | 03 March 2017, 02:43:12 UTC |
| 5bc27d9 | Leon Klingele | 03 March 2017, 00:17:22 UTC | zeroes -> zeros | 03 March 2017, 00:17:22 UTC |
| bc22710 | ekr | 02 March 2017, 22:11:51 UTC | Merge pull request #884 from tlswg/kenny_atul Adding Kenny and Atul as contributors | 02 March 2017, 22:11:51 UTC |
| 9b31b50 | seanturner | 02 March 2017, 21:51:41 UTC | Adding Kenny and Atul as contribtors | 02 March 2017, 21:51:41 UTC |
| c7a2e4d | ekr | 28 February 2017, 18:16:25 UTC | Merge pull request #879 from Buddybenj/grammar Grammar fixes | 28 February 2017, 18:16:25 UTC |
| 02f2155 | ekr | 28 February 2017, 18:15:47 UTC | Merge pull request #874 from jsalowey/5705-format-ref 5705 format ref | 28 February 2017, 18:15:47 UTC |
| 859f91c | ekr | 28 February 2017, 18:15:09 UTC | Merge pull request #883 from jwilk/spelling Remove duplicated word | 28 February 2017, 18:15:09 UTC |
| 7b9fcab | Jakub Wilk | 28 February 2017, 17:05:22 UTC | Remove duplicated word | 28 February 2017, 17:05:22 UTC |
| 63e5697 | Kazu Yamamoto | 27 February 2017, 02:53:33 UTC | removing unnecessary tag and comment. | 27 February 2017, 02:53:33 UTC |
| 2695447 | Martin Thomson | 24 February 2017, 03:28:17 UTC | Split the exporter into two stages | 24 February 2017, 03:28:17 UTC |
| 82711c1 | ekr | 23 February 2017, 19:36:27 UTC | Merge pull request #881 from cascremers/contribs Added contribs. | 23 February 2017, 19:36:27 UTC |
| 8b4fb25 | Cas Cremers | 23 February 2017, 16:46:09 UTC | Added contribs. | 23 February 2017, 17:26:27 UTC |
| fb50b6e | EKR | 22 February 2017, 18:07:26 UTC | Remove obsolete references to status_request_v2. Make clear that the client doesn't have to send an OCSP response. | 22 February 2017, 18:08:12 UTC |
| 85af06e | ekr | 22 February 2017, 18:05:02 UTC | Merge pull request #880 from richsalz/master Add OCSP to cert extensions | 22 February 2017, 18:05:02 UTC |
| 73f4f79 | Rich Salz | 22 February 2017, 17:50:49 UTC | Add OCSP to cert extensions Was already present for server; add it for client. Add me to contributors (if appropriate) | 22 February 2017, 17:59:56 UTC |
| 53415ad | Benjamin Przybocki | 22 February 2017, 09:28:22 UTC | Grammar fixes | 22 February 2017, 09:28:22 UTC |
| 353c43d | Kazu Yamamoto | 22 February 2017, 05:19:55 UTC | defining Empty. | 22 February 2017, 05:19:55 UTC |
| e974156 | Kazu Yamamoto | 22 February 2017, 05:15:10 UTC | removing the strict requirement of variants. | 22 February 2017, 05:15:10 UTC |
