It's not specified one way or the other in ECH but HPKE S 4.1 strongly
suggests you should not be reusing these values:
Namely:
def Encap(pkR):
skE, pkE = GenerateKeyPair()
And skE means you are generating a key of type E:
Ephemeral (E): Role of a fresh random value meant for one-time use.
-Ekr
On Sun, Sep 1, 2024 at 2:04 PM Douglas Stebila <[email protected]> wrote:
> > On Sep 1, 2024, at 10:47 AM, Stephen Farrell <[email protected]>
> wrote:
> >
> > Section 3.2 says there are two allowed ways to handle the same
> > component algs being used in multiple key shares. However,
> > doesn't ECH mean that additional possibilities exist? What
> > should a client do in terms of re-use when using ECH?
>
> That's a good question. I'm not very familiar with subtleties around
> ECH. Is there any re-use allowed between ECH and the main handshake?
>
> Douglas
>
> _______________________________________________
> TLS mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
