Hello TCPm & TLS wg,
We have submitted a new draft specifying an opportunistic mode to enable
TCP-AO when TLS is used atop a TCP connection. The document specifies how
the TCP-AO MKT can be derived from the Master Secret that is established
during the TLS handshake. This could simplify the use o
I support adoption of this document.
On Tue, 26 Sept 2023 at 20:46, David Benjamin wrote:
>
> Hi all,
>
> A while back, we discussed using a DNS hint to predict key shares and reduce
> HelloRetryRequest, but this was dropped due to downgrade issues. In thinking
> through post-quantum KEMs and t
Hi all,
So as David mentioned, this doesn't really offer anything for human
clients, and is aimed at reliably distinguishing between bots. To be honest
it might be better that browsers not implement it, because that massively
increases the number of potential users, and thus the noise we get from
Viktor Dukhovni writes:
>I think what you're really saying, is that it may be time to replace the extant
>client certificate request message with a completely new one, because the old
>one is ossified.
No, just have the server echo back the cert-auth flag from the client to
indicate that it really