Reference [I-D.ietf-uta-tls-attacks] is outdated (draft-ietf-uta-tls-attacks-02 is out, here you still point to 01.)
draft-ietf-uta-tls-bcp-02 should be changed to forbid unsecure use of the truncated_hmac TLS extension (http://www.isg.rhul.ac.uk/~kp/mee-comp.pdf). You're placing anything like this in "SHOULD NOT" land, but some of it needs to be a clear "MUST NOT".

Bodo
