On Sat, Mar 15, 2025 at 7:21 PM Laura Bauman <l_bauman= [email protected]> wrote:
> Thanks to everyone that has taken a look at draft-bmw-tls-pake13-01.txt > and provided feedback so far. As more people start reading it, I wanted to > clarify that the current draft version does not yet reflect the change we > intend to make to allow Certificates and the pake extension to be used > together. We’ve filed a GitHub issue here tracking our intent to change > this: https://github.com/chris-wood/draft-bmw-tls-pake13/issues/25. > I'm pretty sure this is not news to authors, but I've thought about this one before (when the IRTF was conducting their PAKE contest). It seems like using both PAKE and certificates together, in combination with "Sign In" products would be pretty powerful. I am not sure why this draft needs TLS extensions, and it doesn't cover the thorny problem of PAKE registration at all. Couldn't it be click "Sign In", and start the TLS key schedule from there, instead of "0"? No extensions necessary. I decided not to work on this problem, because I figured it would make a lot of people mad, and I didn't want to spend my time on it. But, might as well ask the question since we have this draft in front of us. thanks, Rob
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
