On Thu, Sep 25, 2025, at 03:08, Eric Rescorla wrote: > On Wed, Sep 24, 2025 at 5:13 AM John Mattsson > <[email protected]> wrote: >> ”The key_exchange values for each KeyShareEntry MUST be generated >> independently” >> >> this seems like a weird way to try to partially protect against bad >> implementations that violate NIST requirements and use Key Share entries in >> more than one execution of key-establishment. > > This text is not about multiple executions of key-establishment but > about multiple KeyShareEntries in the same protocol run.
That wouldn't be an issue if we didn't allow key share reuse across connections. Though that's an issue we've repeatedly failed to reach consensus on. _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
