rohanmahy
commented
5 months ago added this to the concrete TLS PL syntax in commit https://github.com/ietf-wg-mimi/draft-ietf-mimi-content/commit/8d4eada51846fa6f31a33e1d701f86ad3471ddf3 Lines 431-432.
Normative text coming in another commit.
As specified, the external content mechanism just contains an AEAD key that is used to encrypt the external content. The problem with this design is that it allows any receiver of the message to collude with the storage server to replace the content, because the key is sufficient to create a valid piece of external content.
The fix for this is to have a separate hash of the content in the external content reference; this prevents an attacker from substituting the content.