On Thu, Dec 12, 2024, at 10:46, Salz, Rich wrote: >> My inclination is to suggest that we pick Specification Required, with a >> recommendation to experts to reject registrations if the secret can be used >> to derive other secrets. For instance, we don't define a label for the >> resumption secret or any of the secrets that form the main trunk of the key >> schedule. > > I'm in favor of this. Perhaps the instructions to the experts could > also say "they MAY wish to verify this on the TLS mailing list."
That's a good ideal. I'll also take a look at the 8447 revisions and see what else might be picked up from those documents (they have some great general advice for how to manage registration requests). _______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
