Actually quite consistent with a number of other protocol efforts, such as TLS 1.3 or push messaging spec. Have one joint and keep it well oiled ( https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/d_f6higCJzc … ). Security properties are better treated as holistic with the version, rather than separable knobs.
Also, forging a signature offline for a signed package adds a lot of new attack vectors vs being on-path for a TLS attack and having to forge in real-time. Thus Bleichenbacher oracles in a TLS server sharing a SX key would have much greater impact.
0 replies
1 retweet
7 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.