Nico Williams <[email protected]> writes: > A post [0] to the [email protected] mailing list 8 days ago > points out that tls-server-end-point channel binding for ML-DSA is > undefined. ... > What can we do to fix this?
x) Move RFC 5929 to HISTORIC and publish a specification that Obsoletes:RFC5929 saying for any signatures not already deployed (including ML-DSA) then the 'tls-exporter' CB MUST be used, and that 'tls-server-end-point' MUST NOT be used, and for already deployed signatures the intended use for tls-server-end-point is now of LIMITED USE for situations that does not require end-to-end security. /Simon
signature.asc
Description: PGP signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
