Proposal to implement support for exported authenticators in crypto/tls as described in draft-ietf-tls-exported-authenticator-10. I'm happy to write a CL for this.

cc @grittygrease @wbl
agnivade changed the title from "crypto/tls: add support for exported authenticators" to "proposal: crypto/tls: add support for exported authenticators" on Nov 22, 2019
Hello @tatianab, this is not something we are likely to implement for the time being.
Go likes to wait until things mature and gain enough adoption to justify their complexity, and we basically never implement draft standards.
Before moving to a CL, we'd have to discuss what a safe and useful API looks like.
I haven't checked the draft in a long time, but I thought the point was to leverage the RFC 5705 exporters, which we already expose via ConnectionState.ExportKeyingMaterial, allowing this entire implementation to live outside the standard library.
crypto/tls stayed simple and robust over the years by implementing a tiny subset of the constellation of TLS features. When TLS 1.3 was new it was easy to maintain this tradition, but now that many additions are being proposed, we'll have to once again figure out what a useful minimal subset looks like.
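The reply above points at `ConnectionState.ExportKeyingMaterial` as the hook that lets this live outside the standard library. The following sketch is an added example, not code from this issue or from the Go project: it shows both ends of one TLS 1.3 connection deriving the same handshake-context value through that exporter. The label string follows the exported authenticators specification; the names `exportBothSides`, `must`, `clientCtxLabel` and the host `example.test` are assumptions made for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

const clientCtxLabel = "EXPORTER-client authenticator handshake context" // label from the specification

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// exportBothSides handshakes over an in-memory pipe (constructed cert) and exports n bytes per end.
func exportBothSides(label string, n int) (client, server []byte) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	roots := x509.NewCertPool()
	roots.AddCert(must(x509.ParseCertificate(der)))
	cp, sp := net.Pipe()
	defer cp.Close() // closing one end also unblocks the other
	srv := tls.Server(sp, &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		MinVersion: tls.VersionTLS13, SessionTicketsDisabled: true}) // no ticket write on the unbuffered pipe
	cli := tls.Client(cp, &tls.Config{RootCAs: roots, ServerName: "example.test", MinVersion: tls.VersionTLS13})
	srvErr := make(chan error, 1)
	go func() { srvErr <- srv.Handshake() }()
	if err := errors.Join(cli.Handshake(), <-srvErr); err != nil {
		panic(err)
	}
	ccs, scs := cli.ConnectionState(), srv.ConnectionState()
	return must(ccs.ExportKeyingMaterial(label, nil, n)), must(scs.ExportKeyingMaterial(label, nil, n))
}

func main() {
	c, s := exportBothSides(clientCtxLabel, 32) // 32 = SHA-256 output length
	fmt.Printf("client %x\nserver %x\n", c, s)
}
```

The exported value is bound to the connection it came from, so an authenticator built on it cannot be replayed on a different TLS session; the requested length should match the hash of the negotiated cipher suite.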