Dave Garrett <davemgarr...@gmail.com> writes:

>It would be a lot simpler, safer, and interoperable to just mandate use of
>the Extended Master Secret Extension [RFC 7627].
>
>https://tools.ietf.org/html/rfc7627

Yeah, in hindsight it makes more sense, I'll update the draft, although the update may not get in before the IETF freeze. I was trying to avoid having to run two parallel hashing operations throughout the handshake (the other one being for the Finished message), but EMS is just a much more comprehensive solution (like EtM, it's one of those things where you think "why wasn't this added to TLS years ago") even if it means running two lots of hashing.

The other update is to clean up the wording around which extensions TLS-LTS implies, replacing the current wording scattered all over the draft.

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
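
Added illustration, not part of the original message or the draft: the RFC 5246 master-secret derivation next to the RFC 7627 one, showing that only the latter binds the key to the handshake transcript via the session hash. The function names and all input values are constructed for this example; the "handshake messages" are placeholder byte strings, not real TLS encodings.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed                      # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()          # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int = 48) -> bytes:
    """TLS 1.2 PRF: P_hash over label || seed."""
    return p_sha256(secret, label + seed, length)


def legacy_master_secret(pms: bytes, client_random: bytes,
                         server_random: bytes) -> bytes:
    """RFC 5246: depends only on the pre-master secret and the two randoms."""
    return prf(pms, b"master secret", client_random + server_random)


def extended_master_secret(pms: bytes, handshake_messages: list) -> bytes:
    """RFC 7627: session_hash covers ClientHello..ClientKeyExchange."""
    session_hash = hashlib.sha256(b"".join(handshake_messages)).digest()
    return prf(pms, b"extended master secret", session_hash)


def compare_derivations():
    """Two handshakes with equal secrets/randoms but different certificates."""
    pms = b"\x03\x03" + bytes(46)                     # constructed
    c_rand, s_rand = bytes([1]) * 32, bytes([2]) * 32  # constructed
    common = [b"ClientHello|" + c_rand, b"ServerHello|" + s_rand]
    transcript_a = common + [b"Certificate|server-A", b"ClientKeyExchange|x"]
    transcript_b = common + [b"Certificate|server-B", b"ClientKeyExchange|x"]
    legacy_same = (legacy_master_secret(pms, c_rand, s_rand)
                   == legacy_master_secret(pms, c_rand, s_rand))
    ems_same = (extended_master_secret(pms, transcript_a)
                == extended_master_secret(pms, transcript_b))
    return legacy_same, ems_same


if __name__ == "__main__":
    legacy_same, ems_same = compare_derivations()
    print("legacy master secrets equal:", legacy_same)
    print("extended master secrets equal:", ems_same)
```

The session hash stops at ClientKeyExchange, while the Finished hash continues over later messages, which is why the message above counts them as two hashing operations.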