Hi, I just created a new pull request (and I just recognized it results in a merge conflict):
https://github.com/tlswg/tls13-spec/pull/837 I think in section "E.2 Record Layer" the terms "forward secrecy" and "backward secrecy" have been mixed up. My understanding: A compromised long term key does not compromise captured future traffic => forward secrecy (provided by (EC)DHE) A compromised long term key does not compromise captured traffic from the past => backward secrecy (provided by HKDF-hash) Thanks, Jens _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
