On 02.03.26 13:18, tirumal reddy wrote:
The main changes in https://datatracker.ietf.org/doc/draft-ietf-tls-extended-key-update/ addresses the session resumption threat identified by the FATT team.
FWIW, the FATT process does not seem to be followed in spirit in this case, too. ISTM that the following from the process [0] have not occurred for this draft (I did check the archives [1,2] but did not find anything relevant to the two processes below):
1. The working group chairs will inform the working group of this
decision.
2. The output of the FATT is posted to the working group by the
FATT point person.
Did I miss something? #1 is non-controversial (still following the
process is good) but #2 would have been useful to send on the list.
What kind of analysis is required by FATT for this draft? Is a combination of symbolic security analysis (ProVerif) and standard model checking (SPIN model checker) deemed sufficient?
Thanks, -Usama [0] https://github.com/tlswg/tls-fatt?tab=readme-ov-file#document-adoption[1] https://mailarchive.ietf.org/arch/browse/tls/?q=%22draft-ietf-tls-extended-key-update%22%20%22formal%22
[2] https://mailarchive.ietf.org/arch/browse/tls/?q=%22draft-ietf-tls-extended-key-update%22%20%22FATT%22
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
