I have not read the document in full (but still noticed a typo in the
paragraph we're discussing), so I will not comment on its readiness.
Regarding signature context: I don't understand the CFRG recommendation
that Yoav is citing. IMO we should include a context string wherever we
can, to reduce the number of possible cross-protocol (or cross-signature
scheme) attacks. As far as I know, context strings do not cost anything
and can only improve the protocol's security.
Maybe one day we will only have signatures deployed that support
context, but if we don't add the context string now we will never get
there. We are not going to revise TLS just to add a context string to EdDSA.
Thanks,
Yaron
On 19/11/16 08:55, Sean Turner wrote:
All,
This is a working group last call for the "4492bis to Standards Track" draft
available @ http://datatracker.ietf.org/doc/draft-ietf-tls-rfc4492bis/. Please
review the document and send your comments to the list by 9 December 2016.
Note that we are particularly interested in the issue Yoav raises in the
following message:
https://mailarchive.ietf.org/arch/msg/tls/8Ec7jQqLr_3FrvQfuclllfozKZk
Thanks,
J&S
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls