[TLS] Weekly github digest (TLS Working Group Drafts)

2021-10-03 Thread Repository Activity Summary Bot
Issues
--
* tlswg/dtls13-spec (+0/-0/💬1)
  1 issues received 1 new comments:
  - #254 Mention RFC 7457 in Security section (1 by martinthomson)
    https://github.com/tlswg/dtls13-spec/issues/254

Repositories tracked by this digest:
---
* https://github.co

Re: [TLS] Fwd: Last Call: (Channel Bindings for TLS 1.3) to Proposed Standard

2021-10-03 Thread Salz, Rich
Perhaps adding text that says no security analysis has been done.

Re: [TLS] Fwd: Last Call: (Channel Bindings for TLS 1.3) to Proposed Standard

2021-10-03 Thread Sam Whited
I'd be okay with that provided we can release an update if such an analysis is ever done? Although this is such a low-stakes issue that I worry that the prejudicial value of such a statement far outweighs the security value. I don't feel strongly about it though. —Sam On October 3, 2021 1:06:

Re: [TLS] Fwd: Last Call: (Channel Bindings for TLS 1.3) to Proposed Standard

2021-10-03 Thread Eric Rescorla
Sorry to be difficult, but as I said, I'd prefer to focus not on the question of the header of this document but rather on what we wish 8446 said. To that end, what text do you think should go in 8446-bis? -Ekr On Sat, Oct 2, 2021 at 6:29 PM Sam Whited wrote: > Even if linking this in updates

Re: [TLS] Fwd: Last Call: (Channel Bindings for TLS 1.3) to Proposed Standard

2021-10-03 Thread Sam Whited
8446 currently contains:
> However, it is also possible to bind such connections to an external authentication mechanism via out-of-band validation of the server's public key, trust on first use, or a mechanism such as channel bindings (though the channel bindings described in [RFC5929] are

Re: [TLS] Fwd: Last Call: (Channel Bindings for TLS 1.3) to Proposed Standard

2021-10-03 Thread Ross, Michael D (54510) CIV USN NIWC ATLANTIC SC (USA)
At first glance, hasn’t sufficient analysis been done in: [VERIFIED-BINDINGS] Bhargavan, K., Delignat-Lavaud, A., and A. Pironti, "Verified Contributive Channel Bindings for Compound Authentication", Network and Distributed System Security