Hiya,
Given David's presentation and subsequent list discussion, it seems extraordinarily clear that a bis document is needed here;-)

On 17/11/2024 12:54, David Benjamin wrote:
A thought: This is now a protocol change, but what if we defined an "oops" extension that simply adds a dummy post-Finished handshake message that protrudes into epoch 3? I.e., if negotiated, the client and server flights actually look like this:
Another thought: it looks like at least some of these issues may be coming up now because our formal analyses of (D)TLS mostly covered the security of the protocol and not the correctness of the protocol. If that is true, and if it turns out we need to change DTLS to handle the issues found, then maybe it'd be worthwhile trying to see if we can find some people to try do formal analyses of the protocol with a view to proving things about correctness?

I'm not suggesting making this a requirement, btw, nor a thing to be mandated via any fatty process. But it's interesting that the not-quite-unwanted sibling of the IETF protocol that has had by far the most investment in formal analyses shows such deficiencies.

Cheers,
S.
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org