On 24.07.25 09:20, Salz, Rich wrote:
No opinion. I’m skeptical, but not going to try to prevent others from working on it.
Perhaps in the same boat as Rich. It is clear that formal analysis will be required (as pointed out in section 8.4 of the draft). But perhaps symbolic security analysis will be insufficient because of key schedule changes. I think computational analysis will also be required.
-02 is better than -01 by appending K-shared to (EC)DHE rather than replacing it. Is someone aware of any symbolic/computational analysis of adding secrets in the key schedule this way?
Usama
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
