Passa al contenuto principale

8. Security Considerations

Questa sezione conserva il testo RFC su BUSA-TLS, includendo TLS 1.3 HKDF key schedule changes, Mandatory Audio Component, MAC derivation, alert handling, implementation notes, security considerations e IANA considerations.

Testo RFC originale

8.  Security Considerations

8.1. Key Material Confidentiality

The Mandatory Audio Component is a commercially available recording
that can be obtained by any party for a modest sum. Therefore, it
has zero entropy against an adversary who has heard of 2 Live Crew.
Implementors MUST NOT treat MAC as a source of secret key material.
MAC is a constant, not a secret.

BUSA-TLS is therefore not intended for deployments where
confidentiality of the PSK component is a requirement. It is
intended for deployments where the PSK component is a 1990 hip-hop
recording.

8.2. Forward Secrecy

BUSA-TLS inherits the forward secrecy properties of TLS 1.3 with
respect to session traffic keys. Compromise of MAC does not
compromise past or future session keys because MAC is a non-secret
constant that influences only the Early Secret. In this sense, BUSA-
TLS has the same forward secrecy properties as [RFC8446] without a
PSK, which is excellent.

8.3. Downgrade

A peer that negotiates vanilla TLS 1.3 without BUSA-TLS extension
support is not a BUSA-TLS peer. Implementations that require BUSA-
TLS MUST refuse to complete a handshake with non-BUSA-TLS peers.
This is not a security recommendation. It is a lifestyle choice
encoded in a protocol.