Re: [TLS] Fw: New Version Notification for draft-ietf-tls-ctls-09.txt

Tue, 24 Oct 2023 12:21:45 -0700 

On Tue, Oct 24, 2023 at 06:05:27PM +0000, Ben Schwartz wrote:
> Hi TLS,
> 
> We've just uploaded a new revision of the cTLS draft.  The most
> exciting change in this revision is an additional informative
> reference to Comparse [1], a new formal verification system. 
> The Comparse paper includes a security proof of cTLS (and also
> TLS and MLS).  This revision also includes some slight
> configuration changes that were made in support of that formal
> analysis.
> 
> --Ben Schwartz
> 
> [1] https://eprint.iacr.org/2023/1390
> 
> ________________________________
> 
> A new version of Internet-Draft draft-ietf-tls-ctls-09.txt has been
> successfully submitted by Benjamin Schwartz and posted to the
> IETF repository.
> 
> Name:     draft-ietf-tls-ctls
> Revision: 09
> Title:    Compact TLS 1.3
> Date:     2023-10-23
> Group:    tls
> Pages:    26
> URL:      https://www.ietf.org/archive/id/draft-ietf-tls-ctls-09.txt
> Status:   https://datatracker.ietf.org/doc/draft-ietf-tls-ctls/
> HTML:     https://www.ietf.org/archive/id/draft-ietf-tls-ctls-09.html
> HTMLized: https://datatracker.ietf.org/doc/html/draft-ietf-tls-ctls
> Diff:     https://author-tools.ietf.org/iddiff?url2=draft-ietf-tls-ctls-09

Quick review:


Section 2.1.1.4.:

- Messed up list in last paragraph.

Section 2.1.1.5.:

- Looks like the previous last paragraph did not get removed.
- Messed up list in last paragraph.

Section 2.1.1.6.:

- On open issue, TLS 1.3 does not directly use the randoms for anything,
  so such hashing implicitly already happens.

Section 2.1.1.9.:

- On certificate_entry_extensions element, I think that if one wanted
  something here, a threestate flag would be sufficient:

  * No extension fields
  * Extension field only on first certificate
  * Extension fields on all certificates.

  (If certificate extensions are used, most commonly those are on the
  first certificate only.)

Section 2.3.1.:

- I don't see it stated anywhere that CTLSHandshake is used for reliable
  transports, and CTLSDatagramHandshake for unreliable transports.

Section 2.3.3.:

- On random values being extended, are those actually used for anything?

Section 6.1.:

- What is the ctls content type used for?
- And thinking about it, how should unencrypted alert be formatted?




-Ilari

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls

Reply via email to