MikeBishop / http2-certs

Enabling client certificate authentication in HTTP/2

Security review: Repeated signatures of same content #2

Closed MikeBishop closed 6 years ago

MikeBishop commented 8 years ago

Currently, we do a single TLS export for the session, then sign it repeatedly with every key used by either peer. Brian S. raises the question of whether it would be better to incorporate the Cert-ID into the exported value so that each signature is of a unique value.

I'm not aware that this is necessary, but I'd like to be officially told that by someone whose job is crypto. If it's needed, it's easy enough to add.

martinthomson commented 8 years ago

An easy addition would be to sign the request, or just the identifier for the request in addition to the exporter value. Alternatively, you could feed the same information to the exporter so that you are signing something else.

grittygrease commented 6 years ago

The certificate_request_context is defined by the application; it can be made unique per request to protect against this. My suggestion is to use the Request-ID as the certificate_request_context. A nonce could also be appended to the Request-ID.

MikeBishop commented 6 years ago

In e-mail, we agreed on Cert-ID, and the draft prohibits sending multiple things under the same Cert-ID. I think this is now addressed.
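
The options raised in this thread, as an added example that is not part of the issue, the draft, or any participant's code: it builds the value to be signed three ways (one export reused for every key, Cert-ID signed alongside the export, Cert-ID fed to the exporter as context) and counts the distinct values that result, plus a per-connection check that a Cert-ID is used only once. The `exporter` function is a simplified HMAC stand-in for the TLS exporter, and the label, secret, Cert-ID encoding and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

LABEL = b"EXAMPLE certificate proof"  # hypothetical exporter label


def exporter(secret: bytes, label: bytes, context: bytes) -> bytes:
    """Simplified stand-in for a TLS exporter (assumption, not the real KDF)."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in (label, context))
    return hmac.new(secret, msg, hashlib.sha256).digest()


def tbs_single_export(secret: bytes, cert_id: bytes) -> bytes:
    """Behaviour questioned in the issue: one export, reused for every key."""
    return exporter(secret, LABEL, b"")


def tbs_id_appended(secret: bytes, cert_id: bytes) -> bytes:
    """Sign the identifier in addition to the exporter value (length-prefixed)."""
    return len(cert_id).to_bytes(2, "big") + cert_id + exporter(secret, LABEL, b"")


def tbs_id_in_context(secret: bytes, cert_id: bytes) -> bytes:
    """Feed the identifier to the exporter as its context."""
    return exporter(secret, LABEL, cert_id)


def distinct_inputs(build, secret: bytes, cert_ids) -> int:
    """Count distinct to-be-signed values across the given Cert-IDs."""
    return len({build(secret, cid) for cid in cert_ids})


class CertIdTracker:
    """Per-connection check: refuse a second proof under a Cert-ID already used."""

    def __init__(self) -> None:
        self._seen = set()

    def accept(self, cert_id: bytes) -> bool:
        if cert_id in self._seen:
            return False
        self._seen.add(cert_id)
        return True


SECRET = bytes(32)                 # constructed session secret, sample value only
IDS = [b"\x01", b"\x02", b"\x03"]  # constructed Cert-IDs
```

With either binding, every key signs a different value, and the tracker covers the remaining case of the same Cert-ID being presented twice on one connection.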