David’s analysis is excellent; as a likely future implementor of DTLS 1.3 I’m 
glad these spec bugs have been discovered. To what extent formal analysis would 
be helpful here is not obvious.

I don’t recall: did we have interoperable implementations prior to shipping the 
DTLS 1.3 spec?

Cheers,

Andrei

From: Muhammad Usama Sardar <muhammad_usama.sar...@tu-dresden.de>
Sent: Wednesday, November 13, 2024 3:30 AM
To: Watson Ladd <watsonbl...@gmail.com>; Russ Housley <hous...@vigilsec.com>
Cc: Joseph Salowey <jsalo...@gmail.com>; IETF TLS <tls@ietf.org>
Subject: [EXTERNAL] [TLS] Re: DTLS 1.3 bis

On 12.11.24 23:52, Watson Ladd wrote:
I think anyone implementing would have discovered them.

Is David Benjamin the first and only person in the world implementing DTLS 1.3? 
If not, why were others not able to discover those issues? So, I think we 
should be thankful to him for his careful analysis rather than giving 
statements like the above devaluing his work.

From a formal perspective, I find his work insightful. In the formal analysis, 
we typically do not model KeyUpdate part. My takeaway was that we need to 
include that as well.

Regards,

Usama
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org

Reply via email to