Open Neustradamus opened 2 years ago
CC @golang/security @FiloSottile
I guess this will be added to the crypto/tls package? What would the support look like? Thanks.
@cherrymui: Yes :)
It is linked to:
cc: @agl, @andres-erbsen, @FiloSottile, @codesenberg, @seankhliao.
Dear all,
I have updated the main description about tls-unique, tls-server-end-point, tls-exporter and I have added XEP-0388/XEP-0440/XEP-0474 links.
I think that you have seen the jabber.ru MITM:
RFC 9266, Section 2, says
"tls-exporter" uses Exported Keying Material (EKM), which is already widely exposed by TLS implementations
Indeed, we already support EKM via ConnectionState.ExportKeyingMaterial.
What do you need us to change in crypto/tls?
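Added example, not part of the thread and not code from the Go project: one way to derive the RFC 9266 "tls-exporter" value with the existing ConnectionState.ExportKeyingMaterial call mentioned in the comment above, checked by having both ends of a local HTTPS connection compute it. The names TLSExporterBinding and LoopbackBindings are hypothetical, and refusing everything except TLS 1.3 is a simplification made for this example.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// TLSExporterBinding returns the RFC 9266 "tls-exporter" channel binding.
func TLSExporterBinding(cs *tls.ConnectionState) ([]byte, error) {
	if cs == nil || cs.Version != tls.VersionTLS13 {
		// Simplification in this example: anything but TLS 1.3 is refused.
		return nil, errors.New("tls-exporter: TLS 1.3 connection required")
	}
	// RFC 9266 inputs: this label, a zero-length context, 32 bytes of output.
	return cs.ExportKeyingMaterial("EXPORTER-Channel-Binding", []byte{}, 32)
}

// LoopbackBindings makes one HTTPS request to a local httptest server
// (constructed demo setup) and returns the binding each endpoint derived.
func LoopbackBindings() (client, server []byte, err error) {
	type result struct {
		cb  []byte
		err error
	}
	got := make(chan result, 1)
	ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		cb, err := TLSExporterBinding(r.TLS) // server side: state of this request's connection
		got <- result{cb, err}
	}))
	defer ts.Close()
	resp, err := ts.Client().Get(ts.URL)
	if err != nil {
		return nil, nil, err
	}
	resp.Body.Close()
	if client, err = TLSExporterBinding(resp.TLS); err != nil { // client side
		return nil, nil, err
	}
	r := <-got
	return client, r.cb, r.err
}

func main() {
	c, s, err := LoopbackBindings()
	fmt.Printf("client %x\nserver %x\nerr %v\n", c, s, err)
}
```

Both endpoints print the same 32 bytes for a given connection, and a new connection yields a different value, which is what lets an authentication exchange such as SCRAM detect a TLS session terminated by a party in the middle.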
@FiloSottile: Thanks for your answer, but there is no announcement in code: RFC5929 / RFC9266. And I do not find:
Example GnuTLS:
Is there an update on this?
Can you add the support of RFC 9266: Channel Bindings for TLS 1.3?
Channel Bindings for TLS: https://datatracker.ietf.org/doc/html/rfc5929
Little details, to know easily:
Thanks in advance.