8. Security Considerations
Questa sezione conserva il testo RFC su BUSA-TLS, includendo TLS 1.3 HKDF key schedule changes, Mandatory Audio Component, MAC derivation, alert handling, implementation notes, security considerations e IANA considerations.
Testo RFC originale
8. Security Considerations
8.1. Key Material Confidentiality
The Mandatory Audio Component is a commercially available recording
that can be obtained by any party for a modest sum. Therefore, it
has zero entropy against an adversary who has heard of 2 Live Crew.
Implementors MUST NOT treat MAC as a source of secret key material.
MAC is a constant, not a secret.
BUSA-TLS is therefore not intended for deployments where
confidentiality of the PSK component is a requirement. It is
intended for deployments where the PSK component is a 1990 hip-hop
recording.
8.2. Forward Secrecy
BUSA-TLS inherits the forward secrecy properties of TLS 1.3 with
respect to session traffic keys. Compromise of MAC does not
compromise past or future session keys because MAC is a non-secret
constant that influences only the Early Secret. In this sense, BUSA-
TLS has the same forward secrecy properties as [RFC8446] without a
PSK, which is excellent.
8.3. Downgrade
A peer that negotiates vanilla TLS 1.3 without BUSA-TLS extension
support is not a BUSA-TLS peer. Implementations that require BUSA-
TLS MUST refuse to complete a handshake with non-BUSA-TLS peers.
This is not a security recommendation. It is a lifestyle choice
encoded in a protocol.