On Fri, Oct 31, 2025 at 11:16:46AM +0100, Simon Josefsson wrote:
> Nico Williams <[email protected]> writes:
> > A post [0] to the [email protected] mailing list 8 days ago
> > points out that tls-server-end-point channel binding for ML-DSA is
> > undefined.
> ...
> > What can we do to fix this?
>
> x) Move RFC 5929 to HISTORIC and publish a specification that
> Obsoletes:RFC5929 saying for any signatures not already deployed
> (including ML-DSA) then the 'tls-exporter' CB MUST be used, and that
> 'tls-server-end-point' MUST NOT be used, and for already deployed
> signatures the intended use for tls-server-end-point is now of LIMITED
> USE for situations that do not require end-to-end security.

Moving TSEP to historic won't mean that apps that use it can just switch.
Apps generally don't negotiate channel binding types, so you're asking
for a flag day. Barring a security vulnerability in TSEP I think we
should not do this.

Nico
