On 26.01.26 16:38, Shumon Huque wrote:
> # Cross-Protocol Attacks> Arguably, this attack already exists if the server uses the same > identity for both protocols, but it seems possible that there might be > a setting in which this was inferred solely from something like the > client IP address. In any case, it seems like it would be better for > the service identifier to be included in the transcript. Isn't the service identity already included in the transcript by virtue of it being specified in the dane-client-id extension? We could also probably shore up the language to mandate the use of the extension (non-empty), instead of allowing it to be omitted if the certificate only has one dns SAN identifier.
Did you try reaching out to the researchers who have done some related formal analysis, as I proposed before [0]? They might have some intuition and/or an opinion to share, even if they might not have time to check it.
-Usama [0] https://mailarchive.ietf.org/arch/msg/dance/GIPVxwb4SnnN4I4K-xY0QLK0EzQ/
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
