Support the tls-exporter channel binding

Question

Support the tls-exporter channel binding

tlocke opened this issue 3 years ago · 4 comments

The tls-exporter channel binding is described in https://datatracker.ietf.org/doc/html/draft-ietf-kitten-tls-channel-bindings-for-tls13. This probably can't be implemented until Python allows access to Exported Keying Material, see https://bugs.python.org/issue37952

Answer 1 · 2022-07-25T21:25:04.000Z

It is official, it is here: RFC 9266: Channel Bindings for TLS 1.3:

https://tools.ietf.org/html/rfc9266

Answer 2 · 2022-07-31T18:07:48.000Z

As far as I can see, in order to implement the tls-exporter channel binding we'd need to be able to get the EKM, which we can't do at the moment:

python/cpython#82133

Answer 3 · 2023-11-19T01:24:17.000Z

@tlocke: Linked to:

Answer 4 · 2023-11-19T09:40:04.000Z

Thanks @Neustradamus, I've had a look at the links and I assume these are just updates on the situation, rather than anything we need to do with Scramp?