On 12.02.26 19:38, David Benjamin wrote:
I think PR 1401 is similarly minimal, and is a better starting point than PR 1407. It actually tries to define what those "..."s we use in 8446 even mean. Without scoping that to specifically the "..."s, it's actually just false.I don't think it's false. In my understanding, "Handshake transcript" is for handshake messages only. For post-handshake mechanisms, there is "hashed authenticator transcript" [0].
It claims the messages are taken from that sequence but, even without extensions, post-handshake auth does something slightly funky.
Please elaborate what exactly you believe in post-handshake auth is funky.
By scoping it to specifically the "..."s, it puts the sequence exactly where we need it.I believe it's completely unnecessary. "hashed authenticator transcript" already distinguishes it.
I intentionally split the PRs up precisely to give a menu of different starting points, depending on how much appetite folks had for changes. If I had meant for it to be a single atomic starting point, I would have uploaded one PR.
Sure, I've added a new sweet dish to the menu :) Folks may still like it after your starter and full heart surgery :)
-Usama [0] https://www.rfc-editor.org/rfc/rfc9261#section-5.2.2-7.4
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
