(dprive to bcc, because this is getting further afield) On Fri, Apr 30, 2021, at 00:26, Salz, Rich wrote: > > No new protocol should use TLS without ALPN. It only opens space for > > cross-protocol attacks. Did the working group consider this possibility in > > their discussions? > > I don't believe that message has been made as public as it should be.
I see that UTA is working on a revision of RFC 7525. Is text on this something that would be in scope. I only just searched for "ALPN", finding nothing, so maybe it is not in the original scope and maybe there are things that might prevent expansion of scope. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
