On Tue, Jun 14, 2016 at 11:33:11AM +0300, Yoav Nir wrote:
> > > (1)

+1

> One important (for me) use case for handshake messages after the
> original handshake is client certificate authentication. Disclosing
> that the user has just touched the magic resource that causes
> certificate authentication reveals actual information about what
> the user is doing. I haven’t seen an argument about why using the
> same key is similarly harmful.

I too haven't seen an argument (nor am I able to construct one myself)
on why using the same key causes more issues than "more difficult
for cryptographers" (without assumptions known to be false or cause
severe problems no matter what).

Such arguments could include e.g. crypto screw (no proof of
exploitability needed), implementability, narrowing works-vs-correct
gap, etc...

About every other issue I could come up with, it seems to be just
as bad with separate keys and public content types (except those
ones that are just worse with public content types of course).

-Ilari