Upgrade Security Guidance to Requirements TLS recommends mechanisms to protect against Timing attacks (6.2.3.2, 7.4.9.1) Bliechenbacher attack (7.4.9.1) Can TLS 1.2 upgrade these to MUST? Consider extending guidance for blinding to non-RSA key exchange algorithms? |