So this isn’t entirely novel right I mean we did something similar wrt other key schedules?
spt > On Feb 23, 2017, at 23:30, Martin Thomson <[email protected]> wrote: > > https://github.com/tlswg/tls13-spec/pull/882 contains the longer description. > > In short, the existence of an exporter secret threatens the forward > secrecy of any exported secret. This is a problem for QUIC and is > likely to be a more general problem. > > The proposed fix is small: separate exporters into two steps > (extract+expand) where the first step allows for separation based on > exporter type and the second on context. That allows an endpoint to > keep separate secrets for each exporter type and discard those that it > no longer needs, thus gaining forward secrecy if it likes. > > _______________________________________________ > TLS mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
