Hey everyone, https://docs.google.com/document/d/1HXu7LoMP8Z30JkHyMOuVOtG5W9AFOQtsL8vuSbFxXUw/edit?usp=sharing is my crude attempt at an analysis of the security of the version negotiation draft, including some suggestions that might make the protocol more efficient.
I will you reach your own conclusion, but I found some cuts that can be made in the design. Not as many as I expected originally though. I did just realize that an entire component can come out, but I haven't edited it out yet; I'll leave that in case others disagree with my assessment there. It's long and complicated, sadly. That's the one thing that I might regret most about the decision to defer solving this problem properly in the first place. In any case, I hope that this is a useful contribution to the discussion. Cheers, Martin
