Support the tls-exporter channel binding

tlocke / scramp

Python implementation of the SCRAM protocol

MIT No Attribution

26 stars 6 forks source link

Support the tls-exporter channel binding #9

Open tlocke opened 2 years ago

tlocke commented 2 years ago

The tls-exporter channel binding is described in https://datatracker.ietf.org/doc/html/draft-ietf-kitten-tls-channel-bindings-for-tls13. This probably can't be implemented until Python allows access to Exported Keying Material, see https://bugs.python.org/issue37952

Neustradamus commented 2 years ago

It is official, it is here: RFC 9266: Channel Bindings for TLS 1.3:

https://tools.ietf.org/html/rfc9266

tlocke commented 2 years ago

As far as I can see, in order to implement the tls-exporter channel binding we'd need to be able to get the EKM, which we can't do at the moment:

https://github.com/python/cpython/issues/82133

Neustradamus commented 9 months ago

@tlocke: Linked to:

tlocke commented 9 months ago

Thanks @Neustradamus, I've had a look at the links and I assume these are just updates on the situation, rather than anything we need to do with Scramp?