On Mon, Jan 26, 2026 at 12:13 PM Muhammad Usama Sardar < [email protected]> wrote:
> On 26.01.26 16:38, Shumon Huque wrote:
> >
> > > # Cross-Protocol Attacks
> > >
> > > Arguably, this attack already exists if the server uses the same
> > > identity for both protocols, but it seems possible that there might be
> > > a setting in which this was inferred solely from something like the
> > > client IP address. In any case, it seems like it would be better for
> > > the service identifier to be included in the transcript.
> >
> > Isn't the service identity already included in the transcript by
> > virtue of it being specified in the dane-client-id extension? We
> > could also probably shore up the language to mandate the use
> > of the extension (non-empty), instead of allowing it to be omitted
> > if the certificate only has one dns SAN identifier.
>
> Did you try reaching out to the researchers who have done some related
> formal analysis, as I proposed before [0]? They might have some intuition
> and/or an opinion to share, even if they might not have time to check it.
>
> -Usama
>
> [0]
> https://mailarchive.ietf.org/arch/msg/dance/GIPVxwb4SnnN4I4K-xY0QLK0EzQ/
>

Sorry, I seem to have missed your earlier message. I'll follow up about the formal analysis topic, after we've finished the current back and forth about the remaining points of design contention.

Shumon.
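The point under discussion (whether the service identifier needs to be part of what the client signs) can be illustrated with a toy model. The following is an added example, not code from the thread, the DANCE draft or any TLS implementation: it replaces the client's CertificateVerify signature with an HMAC under a constructed key, reduces the handshake transcript to a server nonce plus an optional `dane-client-id`-style field, and compares a transcript that omits the service identity with one that binds it. The names `transcript`, `client_sign`, `server_verify` and the `example.net` identities are all assumptions made for the illustration.

```python
import hashlib
import hmac
from typing import Optional

# Constructed demo key; stands in for the client's signing key (assumption:
# an HMAC models the signature, it is not how TLS client auth works).
CLIENT_KEY = b"constructed-demo-client-key"


def transcript(server_random: bytes, service_id: Optional[bytes]) -> bytes:
    """Toy handshake transcript hash.

    With service_id=None the transcript carries only the server's nonce, so it
    says nothing about which service the client believes it is talking to.
    With a service_id the identity becomes part of the signed material.
    """
    h = hashlib.sha256()
    h.update(b"ServerHello:" + server_random)
    if service_id is not None:
        h.update(b"dane-client-id:" + service_id)
    return h.digest()


def client_sign(server_random: bytes, service_id: Optional[bytes]) -> bytes:
    """Client authenticates the transcript (HMAC as a stand-in for a signature)."""
    return hmac.new(CLIENT_KEY, transcript(server_random, service_id), "sha256").digest()


def server_verify(server_random: bytes, own_identity: Optional[bytes],
                  signature: bytes) -> bool:
    """A service reconstructs the transcript it expects and checks the proof.

    own_identity=None models a protocol variant where the service identity
    is not bound into the transcript at all.
    """
    expected = hmac.new(CLIENT_KEY, transcript(server_random, own_identity),
                        "sha256").digest()
    return hmac.compare_digest(expected, signature)


def relay_demo() -> dict:
    """Model a relay between two services that share one key/identity.

    The client intends to authenticate to the SMTP service. A relay forwards
    the HTTPS service's nonce to the client and the resulting proof back to
    the HTTPS service. The question is only whether the HTTPS service accepts.
    """
    https_nonce = b"constructed-random-from-https-service"

    # Variant 1: no service identity in the transcript.
    proof_unbound = client_sign(https_nonce, None)
    accepted_unbound = server_verify(https_nonce, None, proof_unbound)

    # Variant 2: the client binds the identity it intends to reach.
    proof_bound = client_sign(https_nonce, b"smtp.example.net")
    accepted_by_https = server_verify(https_nonce, b"https.example.net", proof_bound)
    accepted_by_smtp = server_verify(https_nonce, b"smtp.example.net", proof_bound)

    return {
        "unbound_relay_accepted": accepted_unbound,   # True: nothing to mismatch
        "bound_relay_accepted": accepted_by_https,    # False: identity mismatch
        "bound_intended_accepted": accepted_by_smtp,  # True: honest path still works
    }


if __name__ == "__main__":
    for k, v in relay_demo().items():
        print(f"{k}: {v}")
```

The model only shows the mechanism: once the intended service identity is inside the signed transcript, a proof produced for one service fails verification at any other service that reconstructs the transcript with its own identity, which is the property the `dane-client-id` extension would supply if its presence were mandated rather than optional.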
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
