Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

proposal: crypto/tls: add support for exported authenticators #35758

Open
tatianab opened this issue Nov 21, 2019 · 1 comment
Open

proposal: crypto/tls: add support for exported authenticators #35758

tatianab opened this issue Nov 21, 2019 · 1 comment

Comments

@tatianab
Copy link

@tatianab tatianab commented Nov 21, 2019

Proposal to implement support for exported authenticators in crypto/tls as described in draft-ietf-tls-exported-authenticator-10. I'm happy to write a CL for this.

cc @grittygrease @wbl

@agnivade agnivade changed the title crypto/tls: add support for exported authenticators proposal: crypto/tls: add support for exported authenticators Nov 22, 2019
@gopherbot gopherbot added this to the Proposal milestone Nov 22, 2019
@gopherbot gopherbot added the Proposal label Nov 22, 2019
@agnivade agnivade added Proposal-Crypto and removed Proposal labels Nov 22, 2019
@gopherbot gopherbot added the Proposal label Nov 22, 2019
@FiloSottile
Copy link
Member

@FiloSottile FiloSottile commented Nov 22, 2019

Hello @tatianab, this is not something we are likely to implement for the time being.

  • Go likes to wait until things mature and gain enough adoption to justify their complexity, and we basically never implement draft standards.

  • Before moving to a CL, we'd have to discuss what a safe and useful API looks like.

  • I haven't checked the draft in a long time, but I thought the point was to leverage the RFC 5705 exporters, which we already expose via ConnectionState.ExportKeyingMaterial, allowing this entire implementation to live outside the standard library.

  • crypto/tls stayed simple and robust over the years by implementing a tiny subset of the constellation of TLS features. When TLS 1.3 was new it was easy to maintain this tradition, but now that many additions are being proposed, we'll have to once again figure out what a useful minimal subset looks like.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants
You can’t perform that action at this time.