On 23 December 2015 at 10:23, Brian Smith <br...@briansmith.org> wrote: > It may be the case that TLS requires contributory behavior and point > validation is still unnecessary. Or, it may be the case that TLS doesn't > really require contributory behavior (though, it seems obvious to me that it > does, at least for TLS 1.2 and earlier). Or, it may be the case that TLS > requires contributory behavior and a check is necessary. The draft should > make it clear which case we are dealing with, with a reference to the > reasoning that gave us whatever conclusion is reached, but currently that is > missing.
My understanding is that with session hash TLS 1.2 is OK, as is 1.3. Like Watson and Thai, I think that 1.2 without session hash is not OK. That suggests that the 25519 draft should require session hash in 1.2. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
