I don't have HRR in my model, so 1b needs some additional modeling. I also don't have 6 in my model yet. I have to do some study for 7. At least 1-5 are all very valid cases to evaluate and security considerations of RFC8446bis should caution the designers and implementers about any implications, or forbid if necessary.
On 01.03.26 21:18, John Mattsson wrote:
Note that my preference is still to forbid reuse of as much cryptographically important information as possible. If others want to shoot themselves in the foot, I can't stop them. I just wish there were explicit negotiation, so they don’t accidentally shoot my foot too.I absolutely share your concern. I will be very surprised if all the properties will hold with any of the reuse. ProVerif will hopefully save your foot (and mine too 😉).
As I agreed before, this would be very helpful to avoid talking past each other. Unfortunately, Ekr does not understand me [0] and I do not understand him, and the discussion could not continue. Apparently you and the senior IETF participant you mention in your email also had a misunderstanding.
Just noticed that I forgot to mention the link [0] that I was referring to, so added below. Scott and Deirdre seem to have a misunderstanding too. So yeah, there /is/ an ambiguity on reuse here that formal methods could have helped with.
Thanks, -Usama [0] https://mailarchive.ietf.org/arch/msg/tls/DeatSUS3rredVgVXqSHeUg0Eur4/
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
