Usama: Good catch. I will correct.
Russ

> On May 24, 2025, at 11:00 AM, Muhammad Usama Sardar <muhammad_usama.sar...@tu-dresden.de> wrote:
>
> Based on the protocol diagram provided to me by Russ and some preliminary working back then, I do not expect it to break any properties of the TLS protocol under traditional adversary settings. However, I am not into PQ yet, so I can't say anything about whether FATT comments have been addressed.
>
> One nit: According to RFC 5869, the first input of HKDF-Extract is the salt and the second input is the IKM.
>
> So instead of:
>
> Early Secret = HKDF-Extract(External PSK, 0)
>
> it should say
>
> Early Secret = HKDF-Extract(0, External PSK)
>
> I have submitted a PR [1] for this.
>
> [1] https://github.com/tlswg/rfc8773bis/pull/2
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-le...@ietf.org
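Worked example of the nit above, added here and not part of the thread or of the rfc8773bis draft: HKDF-Extract per RFC 5869 is HMAC-Hash(salt, IKM), so the salt is the HMAC key and the IKM is the HMAC message. The "0" in the TLS 1.3 key schedule (RFC 8446, section 7.1) is a string of Hash.length zero bytes used as the salt. The function names and the sample PSK are assumptions for illustration; the code is checked against RFC 5869 test case 1.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract(salt, IKM) = HMAC-Hash(salt, IKM).

    First argument is the salt (HMAC key), second is the IKM (HMAC
    message). RFC 5869 says an absent salt is replaced by HashLen zeros.
    """
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def tls13_early_secret(external_psk: bytes) -> bytes:
    """Early Secret = HKDF-Extract(0, External PSK), the corrected form.

    The "0" of the RFC 8446 key schedule is Hash.length zero bytes and
    sits in the salt position; the PSK is the IKM.
    """
    return hkdf_extract(b"\x00" * HASH_LEN, external_psk)


def swapped_early_secret(external_psk: bytes) -> bytes:
    """HKDF-Extract(External PSK, 0): the argument order the draft text
    read as. Present only to show the two readings derive different
    keys, i.e. the nit is not cosmetic."""
    return hkdf_extract(external_psk, b"\x00" * HASH_LEN)


def rfc5869_test_case_1_prk() -> bytes:
    """PRK from RFC 5869 Appendix A test case 1 (SHA-256)."""
    ikm = bytes.fromhex("0b" * 22)
    salt = bytes.fromhex("000102030405060708090a0b0c")
    return hkdf_extract(salt, ikm)


if __name__ == "__main__":
    psk = bytes.fromhex("a1" * 32)  # constructed sample PSK, not a real key
    print("RFC 5869 TC1 PRK:", rfc5869_test_case_1_prk().hex())
    print("Early Secret    :", tls13_early_secret(psk).hex())
    print("Swapped order   :", swapped_early_secret(psk).hex())
```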