Hi Usama,
we have indeed published several draft versions since the submission
deadline of IETF 125. You can find all the changes here:
https://author-tools.ietf.org/iddiff?url1=draft-ietf-tls-extended-key-update-10&url2=draft-ietf-tls-extended-key-update-13&difftype=--html
There is also another implementation based on Mbed TLS, which was
created as part of the hackathon (some time back):
https://github.com/hannestschofenig/mbedtls.git
Ciao
Hannes
Am 06.07.2026 um 10:56 schrieb tirumal reddy:
Hi Usama,
The issues raised by the FATT team (see
https://datatracker.ietf.org/meeting/125/materials/slides-125-tls-sessa-fatt-report-on-eku-00)
have been addressed in earlier versions of the draft:
1. Key schedule / transcript (slide 10): Section 7 now maintains a
running transcript hash. Each new main secret is bound to the initial
handshake and all previous EKU exchanges.
2. Session ticket resumption (slide 11): Section 7 requires endpoints
enabling EKU to disable resumption when the PSKs reside in memory
within the rich OS.
In addition, the issue you raised in
https://github.com/tlswg/tls-key-update/issues/100 has also been
addressed in earlier versions.
An implementation is available at https://github.com/yaroslavros/rustls/.
If your analysis shows an attack, please share the details.
-Tiru
On Sat, 4 Jul 2026 at 22:10, Muhammad Usama Sardar
<[email protected]> wrote:
Hi Hannes, Michael, Tiru, Steffen, and Yarolsav,
I've seen the diff. It seems like just a PQ-wrapper around -12. Could
you please help me understand how my substantial technical
concerns from
IETF 125 have been addressed? Based on my formal analysis, the
spec --
as it is now -- can still lead from high to critical severity
vulnerabilities.
Is there any proof-of-concept or implementation of this spec where
I can
test my attacks?
Best,
-Usama
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
_______________________________________________
TLS mailing list [email protected]
To unsubscribe send an email [email protected]
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]