David’s analysis is excellent; as a likely future implementor of DTLS 1.3 I’m glad these spec bugs have been discovered. To what extent formal analysis would be helpful here is not obvious.
I don’t recall: did we have interoperable implementations prior to shipping the DTLS 1.3 spec? Cheers, Andrei From: Muhammad Usama Sardar <muhammad_usama.sar...@tu-dresden.de> Sent: Wednesday, November 13, 2024 3:30 AM To: Watson Ladd <watsonbl...@gmail.com>; Russ Housley <hous...@vigilsec.com> Cc: Joseph Salowey <jsalo...@gmail.com>; IETF TLS <tls@ietf.org> Subject: [EXTERNAL] [TLS] Re: DTLS 1.3 bis On 12.11.24 23:52, Watson Ladd wrote: I think anyone implementing would have discovered them. Is David Benjamin the first and only person in the world implementing DTLS 1.3? If not, why were others not able to discover those issues? So, I think we should be thankful to him for his careful analysis rather than giving statements like the above devaluing his work. From a formal perspective, I find his work insightful. In the formal analysis, we typically do not model KeyUpdate part. My takeaway was that we need to include that as well. Regards, Usama
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org