> I don't know if you want to change the I-D in last call, but the > Marvin Attack paper is now officially published:
I think this can be handled after LC and during AUTH48. > Given that we have 17 CVEs and counting on top of ROBOT, I think that it's > a good reference for disallowing RSA kex in TLS. Agreed. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls