Thank you, Jan, for the careful review, and thank you, Ekr, for the suggestion.
On 01.05.26 02:15, Eric Rescorla wrote:
On Thu, Apr 30, 2026 at 5:12 PM Jan Schaumann
<[email protected]> wrote:
"allows for an active quantum attack that achieves
MITM,"
"achieving MITM" doesn't seem quite accurate. What's
accomplished is a quantum attack to decrypt the data
in transit, which, to me, anyway, is different from
posing successfully as a MitM and is more of a
successful eavesdrop. Mallory has powers Eve does
not, but a kex compromise only yields eavesdropping
capability, no?
I tend to agree that MITM isn't quite the right term here.
If you have access to the traffic keys you certainly can mount
a MITM attack, but you can also just take over the connection
and impersonate the server entirely, or, as you suggest,
just eavesdrop.
Please check if PR [0] addresses this point, else please propose changes to the PR. Thank you.
Jan: remaining points will be addressed in a separate PR later on.

Best regards,
-Usama

[0] https://github.com/bwesterb/draft-westerbaan-tls-keyshare-recommendations/pull/7/changes
TLS mailing list -- [email protected]
