Issue: https://github.com/tlswg/tls13-spec/issues/555
ADL suggested that we could slightly reduce the number of HKDF computations by generating the IVs as a single block rather than with individual HKDF-Expands. You can't generally do this kind of slice-and-dice and preserve the key boundary, but IVs are public anyway. At least for NSS, this makes things slightly more complicated because we generate the directional traffic keys independently, but it's also not a big deal to change if people want. Comments in favor or against?
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
