why is tls having a MAC in the finished message instead of a HASH if it's encrypted/authenticated already?
I briefly worked on a proposal to make it possible to implement TLS w/o HMAC at all, e.g. if you were using AES-CMAC for record protection…
-
-
…& I remember noticing that TLS uses HMAC in cases that don't make sense if we're otherwise using AES-CMAC. Would've been an uphill battle.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.