Hi, I don't know if you want to change the I-D in last call, but the Marvin Attack paper is now officially published: https://doi.org/10.1007/978-3-031-51479-1_13
Given that we have 17 CVEs and counting on top of ROBOT, I think that it's a good reference for disallowing RSA kex in TLS. -- Regards, Hubert Kario Principal Quality Engineer, RHEL Crypto team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00, Brno, Czech Republic _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
