> For starters, though, I'd be interested answers from the authors > to two quick questions, though I suspect I can guess 'em: > > 1. TLS1.3 has had significant formal analysis. Did the authors > or other proponents here do any such work and if so can you send > a pointer to your results? If not, then I believe the onus is on > the folks who want to break TLS to do that work themselves if they > want to make a serious proposal and it is not ok IMO to try put > that work onto the community who have been working hard for years > to make TLS stronger.
I would be willing to work with the people that did the formal analysis to show the impact of including the extension, and making changes to the extension that are indicated by that analysis. > 2. Which of the hundreds of applications making use of TLS did > you analyse before proposing this? If only a handful, then same > comment wrt where the onus ought lie. Just like TLS 1.3 has been implemented and tested with many applications during its development, I would expect the same to happen in those environments where there is interest in making use of this extension. Russ _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
