On Mon, Mar 17, 2025 at 9:38 AM Eric Rescorla <e...@rtfm.com> wrote:

>
> As above, I don't see what this has to do with PAKEs at all. If you have a
> third party authentication system, whether sign in with Apple, Google, or
> some SSO provider, then you don't need to share any secret with the relying
> party.
>

In my mind, the idea is that you don't have to rely solely on WebPKI if you
have that information handy after registration. I am not sure what the
authors' intent is, but that is what I thought of. Maybe it's just so one
can register home devices that play a sound during setup, or take a picture
like a smart watch pairing.

At the time I was looking at this problem, there were some addresses on
these devices that couldn't be MITMed even with admin privileges. I asked
about the addresses for these features and I did get a response. It was
"why are you asking about this?" :) Then, I found IT security people fuming
about this issue online. So, I decided to let it be.

thanks,
Rob
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org