I went through the PAKE draft on TLS 1.3, and while I certainly appreciate the
use of a PAKE within TLS, I would like to highlight one potential security
issue that the working group needs to be aware of.
The draft has SPAKE2+ as its sole defined parameter set; SPAKE2+ has a rather
interesting
Reviewer: Carsten Bormann
Review result: Ready with Nits
(Insert ARTART boilerplate here.)
Thank you for this draft, it is in very good shape.
The document is explicit about the different configurations the
protocol can be run in, the participants, their roles, the security
and privacy objective
Alicja Kario writes:
> NIST has selected HQC for standardisation this week... No idea about
> its patent situation
Interesting question.
My tracking page lists HQC as being claimed by GAM. People have mostly
heard about GAM as a lattice patent, but the patent is actually broader
and originates in
Dear Yoav Nir (cc: tls WG, tls-reg-review mailing list),
Following up on this; as a designated expert for the TLS ExtensionType Values
registry, can you review the proposed registration in draft-ietf-tls-esni-23
for us? Please note that Nick Sullivan is a co-author for this draft and that
Rich
