> When the key is changed, the change procedure should involve new randomness.
I don't think this is necessary, and I don't think the common crypto expertise agrees with you, either. But I am not a cryptographer, maybe one of the ones on this list can chime in. "Crank the KDF" suffices. _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
