> My crystal ball went missing, but I kind of expect lots of pitchforks if
the security ADs tried to insist on formal analysis of any TLS extension,
especially ones produced from non-security-area groups.
But it seems entirely reasonable for the Sec AD's to require that the security
considerations mention that this has not had the extensive analysis that TLS
1.3 received. Many people, not seeing that sentence, will conclude that this
is just as good as straight TLS 1.3, which we don't know.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
