At first glance, hasn’t sufficient analysis been done in:
[VERIFIED-BINDINGS]
Bhargavan, K., Delignat-Lavaud, A., and A. Pironti,
"Verified Contributive Channel Bindings for Compound
Authentication", Network and Distributed System Security
Symposium (NDSS), 2015.? Just a thought? Michael Ross NIWC Atlantic US Navy From: TLS <tls-boun...@ietf.org> On Behalf Of Sam Whited Sent: Sunday, October 3, 2021 9:37 AM To: Salz, Rich <rs...@akamai.com>; Rob Sayre <say...@gmail.com> Cc: tls@ietf.org Subject: [Non-DoD Source] Re: [TLS] Fwd: Last Call: <draft-ietf-kitten-tls-channel-bindings-for-tls13-09.txt> (Channel Bindings for TLS 1.3) to Proposed Standard I'd be okay with that provided we can release an update if such an analysis is ever done? Although this is such a low-stakes issue that I worry that the prejudicial value of such a statement far outweighs the security value. I don't feel strongly about it though. —Sam On October 3, 2021 1:06:40 PM UTC, "Salz, Rich" <rs...@akamai.com> wrote: Perhaps adding text that says no security analysis has been done.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
