Closed thomwiggers closed 1 year ago
Oh hey, I wrote Appendix A of that paper. +1 to this suggestion!
@ounsworth do you want to add a security consideration briefly describing the risk/attack a POP addresses bases on Appendix A of that paper?
Authors meeting 2.3.23: Mike will provide a summary as security consideration.
concluded with Mike's PR
(emphasis mine)
We've had quite a bit of discussion about "certain attacks" on the mailing list. The remainder of the text hints a bit at attacks in deployments where the binding between the end entity and the key isn't rigorously checked, but does it make sense to e.g. refer to Appendix A of this paper which makes a little bit more of an overview?
(This comment comes from my academic writing background, so leaving this or other references out for editorial reasons is perfectly fine)