Hi Usama,

we have indeed published several draft versions since the submission deadline of IETF 125. You can find all the changes here:

https://author-tools.ietf.org/iddiff?url1=draft-ietf-tls-extended-key-update-10&url2=draft-ietf-tls-extended-key-update-13&difftype=--html

There is also another implementation based on Mbed TLS, which was created as part of the hackathon (some time back):
https://github.com/hannestschofenig/mbedtls.git

Ciao
Hannes


Am 06.07.2026 um 10:56 schrieb tirumal reddy:
Hi Usama,

The issues raised by the FATT team (see https://datatracker.ietf.org/meeting/125/materials/slides-125-tls-sessa-fatt-report-on-eku-00) have been addressed in earlier versions of the draft:

1. Key schedule / transcript (slide 10): Section 7 now maintains a running transcript hash. Each new main secret is bound to the initial handshake and all previous EKU exchanges. 2. Session ticket resumption (slide 11): Section 7 requires endpoints enabling EKU to disable resumption when the PSKs reside in memory within the rich OS.

In addition, the issue you raised in https://github.com/tlswg/tls-key-update/issues/100 has also been addressed in earlier versions.

An implementation is available at https://github.com/yaroslavros/rustls/.

If your analysis shows an attack, please share the details.

-Tiru

On Sat, 4 Jul 2026 at 22:10, Muhammad Usama Sardar <[email protected]> wrote:

    Hi Hannes, Michael, Tiru, Steffen, and Yarolsav,

    I've seen the diff. It seems like just a PQ-wrapper around -12. Could
    you please help me understand how my substantial technical
    concerns from
    IETF 125 have been addressed? Based on my formal analysis, the
    spec --
    as it is now -- can still lead from high to critical severity
    vulnerabilities.

    Is there any proof-of-concept or implementation of this spec where
    I can
    test my attacks?

    Best,

    -Usama

    _______________________________________________
    TLS mailing list -- [email protected]
    To unsubscribe send an email to [email protected]


_______________________________________________
TLS mailing list [email protected]
To unsubscribe send an email [email protected]
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to