snipping down the list
> On Feb 3, 2026, at 15:08, Muhammad Usama Sardar
> <[email protected]> wrote:
> # Known implementation
>
> The only public implementation currently known to us is Cloudflare's
> opaque-ea [0], which as acknowledged [1] by Cloudflare, is a partial
> implementation of RFC9261. It implements TLS messages here [2] and is based
> on mint [3] - a minimal TLS 1.3 stack for learning purposes. Is there any
> other open-source implementation?
>
> For future, could we please reference the implementations within the RFCs
> (either in text or in "additional resources" in datatracker) to avoid the
> trouble to find it?
>
> The developers are ultimately aiming at code that they will use in production.
>
The shepherd write-up for the I-D that became RFC 6261 noted that there were
two implementations:
https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/15/
I checked my mail and I can’t find any reference to those implementations and I
can’t remember the names.
As far as including the implementations in the RFC, pretty sure that’s not
normally done.
> ## Formal analysis in ProVerif
>
> I am trying to understand the security considerations of RFC9261. It
> acknowledges Karthik for suggestions on security considerations. Does someone
> happen to recall whether he actually did some formal analysis in ProVerif or
> was it based on his intuition? If the former, could someone point me to the
> analysis? I did check reftls repo [4] which does not contain it. I also
> checked his personal repos [5] but could not find something relevant.
>
> I know some formal analysis was done in Tamarin but I would like to compare
> my ProVerif model with his model, if he had one.
>
> For future, could we please reference the formal analysis within the RFCs
> (either in text or in "additional resources" in datatracker) to avoid the
> trouble to find it?
I think the best bet here is a direct (offlist) message to Karthik to ask him.
spt
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
