On Mon, Oct 2, 2017 at 5:43 PM, Russ Housley <[email protected]> wrote:
> > For starters, though, I'd be interested answers from the authors > > to two quick questions, though I suspect I can guess 'em: > > > > 1. TLS1.3 has had significant formal analysis. Did the authors > > or other proponents here do any such work and if so can you send > > a pointer to your results? If not, then I believe the onus is on > > the folks who want to break TLS to do that work themselves if they > > want to make a serious proposal and it is not ok IMO to try put > > that work onto the community who have been working hard for years > > to make TLS stronger. > > I would be willing to work with the people that did the formal analysis to > show the impact of including the extension, and making changes to the > extension that are indicated by that analysis. > If you're feeling enterprising, at least one model for TLS 1.3 is open source. https://github.com/tls13tamarin/TLS13Tamarin I'm told that it takes a good part of an hour to run, though, so be prepared. --Richard > > 2. Which of the hundreds of applications making use of TLS did > > you analyse before proposing this? If only a handful, then same > > comment wrt where the onus ought lie. > > Just like TLS 1.3 has been implemented and tested with many applications > during its development, I would expect the same to happen in those > environments where there is interest in making use of this extension. > > Russ > > _______________________________________________ > TLS mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
