On Fri, Jun 5, 2026 at 1:14 PM Nathanael Ritz <[email protected]> wrote:
> From example, the IETF has been notified plenty of times that there are > “missing attacks” on the TLS key schedule from existing formal analysis > that reportedly affects the security of Remote Attestation over secure > channels like TLS depending on the timing of the attempted binding. > However, because the study is under presumably double-blind review, the > authors are not in a position to disclose exactly what those attacks look > like, so the community is left guessing at what mitigations may or may not > be possible. This isn’t nefarious — there are plenty of good (scientific) > reasons why double-blind review is the way it is. But there is a distinct > trade-off. > I'm not sure what result you're referring to here, but the conferences I am aware of that do anonymous submission do not forbid submitters from posting results to preprint sites such as eprint. This is often explicitly stated. Here are some examples: * IACR https://iacr.org/docs/author.pdf "It is however acceptable to post full versions of your work on the Cryptology ePrint Achive, give presentations of your work etc." * USENIX Security https://www.usenix.org/conference/usenixsecurity26/call-for-papers#procedures "While submitted papers must be anonymous, authors may choose to give talks about their work, post a preprint of the paper online, disclose security vulnerabilities to vendors or the public, etc., during the review process." * IEEE S&P https://sp2026.ieee-security.org/cfpapers.html "While a paper is under submission to the IEEE Security & Privacy Symposium, authors may choose to give talks about their work, post a preprint of the paper to an archival repository such as arXiv, and disclose security vulnerabilities to vendors." So I don't think in general being under submisison should preclude posting results to IETF lists. -Ekr
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
