proposal: crypto/tls: add support for exported authenticators #35758

Open
tatianab opened this issue Nov 21, 2019 · 1 comment
Labels
Proposal Proposal-Crypto Proposal related to crypto packages or other security issues Proposal-Hold
@tatianab

Proposal to implement support for exported authenticators in crypto/tls as described in draft-ietf-tls-exported-authenticator-10. I'm happy to write a CL for this.

cc @grittygrease @wbl

@agnivade agnivade changed the title crypto/tls: add support for exported authenticators proposal: crypto/tls: add support for exported authenticators Nov 22, 2019
@gopherbot gopherbot added this to the Proposal milestone Nov 22, 2019
@agnivade agnivade added Proposal-Crypto Proposal related to crypto packages or other security issues and removed Proposal labels Nov 22, 2019
@FiloSottile
Contributor

Hello @tatianab, this is not something we are likely to implement for the time being.

  • Go likes to wait until things mature and gain enough adoption to justify their complexity, and we basically never implement draft standards.

  • Before moving to a CL, we'd have to discuss what a safe and useful API looks like.

  • I haven't checked the draft in a long time, but I thought the point was to leverage the RFC 5705 exporters, which we already expose via ConnectionState.ExportKeyingMaterial, allowing this entire implementation to live outside the standard library.

  • crypto/tls stayed simple and robust over the years by implementing a tiny subset of the constellation of TLS features. When TLS 1.3 was new it was easy to maintain this tradition, but now that many additions are being proposed, we'll have to once again figure out what a useful minimal subset looks like.
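
Added example (not code from this thread or from the Go project): the first step an out-of-tree implementation would take with `ConnectionState.ExportKeyingMaterial`, deriving an authenticator handshake context on both endpoints of one connection and getting the same bytes. The label string comes from the exported authenticators specification rather than from this page; the helper name `exportBoth`, the host name `example.test`, the throwaway certificate and the 32-byte length (a SHA-256 cipher suite) are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

const labelContext = "EXPORTER-server authenticator handshake context" // from the spec, not this page

// exportBoth handshakes over an in-memory pipe (throwaway cert) and returns label's exporter value per endpoint.
func exportBoth(label string) (cli, srv []byte, err error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, nil, err
	}
	leaf, _ := x509.ParseCertificate(der) // DER we just produced
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	cp, sp := net.Pipe()
	defer func() { cp.Close(); sp.Close() }()
	// Tickets are disabled so the server writes nothing after the handshake on the unbuffered pipe.
	s := tls.Server(sp, &tls.Config{MinVersion: tls.VersionTLS13, SessionTicketsDisabled: true,
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}})
	c := tls.Client(cp, &tls.Config{MinVersion: tls.VersionTLS13, RootCAs: pool, ServerName: "example.test"})
	done := make(chan error, 1)
	go func() { done <- s.Handshake() }()
	if err = errors.Join(c.Handshake(), <-done); err != nil {
		return nil, nil, err
	}
	cs, ss := c.ConnectionState(), s.ConnectionState()
	cli, e1 := cs.ExportKeyingMaterial(label, nil, 32) // 32 bytes assumes a SHA-256 suite; nil = no context
	srv, e2 := ss.ExportKeyingMaterial(label, nil, 32)
	return cli, srv, errors.Join(e1, e2)
}

func main() { fmt.Println(exportBoth(labelContext)) }
```

Both endpoints compute the value without any extra message on the wire, and a second connection yields a different value, which is what binds an authenticator to the connection it was created for.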
