https://www.nds.rub.de/media/nds/veroeffentlichungen/2015/08/21/Tls13QuicAttacks.pdf
This one looks very nasty to fix. Short of disallowing the use of RSA certificates for TLS 1.2 with the RSA handshake and in TLS 1.3, I don't see a good fix. I haven't read this paper in detail yet. Cross-protocol attacks are the gift that keeps giving. Sincerely, Watson _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
