> > > draft-ietf-uta-tls-bcp-02 should be changed to forbid insecure use of
> > > the truncated_hmac TLS extension
> > > (http://www.isg.rhul.ac.uk/~kp/mee-comp.pdf). You're placing anything
> > > like this in "SHOULD NOT" land, but some of it needs to be a clear "MUST
> > > NOT".
> >
> > Do you mean we need to forbid *any* use of "truncated_hmac"? Do you think
> > this is a case of MUST NOT?
Those cases that are insecure as shown by that paper should be a MUST NOT. Any other use of truncated_hmac is already a SHOULD NOT (because truncated_hmac doesn't apply to AEAD ciphersuites), which seems adequate.

Bodo
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
