Reference [I-D.ietf-uta-tls-attacks] is outdated
(draft-ietf-uta-tls-attacks-02 is out, here you still point to 01.)
This is strange. It means the bibxml server is a few days out of date.
draft-ietf-uta-tls-bcp-02 should be changed to forbid unsecure use of
the truncated_hmac TLS extension
(http://www.isg.rhul.ac.uk/~kp/mee-comp.pdf). You're placing anything
like this in "SHOULD NOT" land, but some if it needs to be a clear "MUST
NOT".
Do you mean we need to forbid *any* use of "truncated_hmac"? Do you
think this is a case of MUST NOT?
Thanks,
Yaron
Bodo
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
