Hi,
as I mentioned in my last email, it appears that you misunderstood the
security concern, which is not the main secret to keep it secure but
rather the early secret or lack of randomness for such keys and the need
of that key for the TLS library in a way that you cannot keep the early
secret in any HSM because it is required to be in the same place as your
TLS library. I also mentioned that you cannot put your TLS library in
HSM because it causes performance and delay in communication.
I hope I could clarify the problem.
1- Randomness with some keys as stated and listed before
2- The function that handles key derivation which needs direct use of
the keys
Best Regards,
Hosnieh
On 11/18/25 10:28 AM, Thom Wiggers wrote:
> Hi,
>
> On 18 Nov 2025, at 18:26, Thom Wiggers <[email protected]> wrote:
>
>> TLS is not intended to be secure if the main secret is compromised.
>
> Sorry, let me be precise: a particular TLS session is not secure if
> the main secret in that session (or any sessions based on keys
> extracted from that main secret, such as resumption secrets).
>
> Regards,
> Thom Wiggers
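
For reference, the TLS 1.3 key schedule (RFC 8446, Section 7.1) that the thread refers to, as an added example that is not part of either message: it derives the early, handshake, main and resumption secrets in order. It assumes a SHA-256 cipher suite; the function names and the sample (EC)DHE and transcript bytes are constructed for this example.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HLEN = HASH().digest_size
ZEROS = bytes(HLEN)  # the all-zero string RFC 8446 uses when an input is absent

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # RFC 5869 HKDF-Extract: HMAC keyed with the salt over the input keying material
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # RFC 5869 HKDF-Expand
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def derive_secret(secret: bytes, label: str, transcript: bytes) -> bytes:
    # Derive-Secret = HKDF-Expand-Label(secret, label, Hash(transcript), Hash.length)
    full_label = b"tls13 " + label.encode()
    context = HASH(transcript).digest()
    info = (HLEN.to_bytes(2, "big") + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, HLEN)

def key_schedule(psk: bytes, ecdhe: bytes, transcript: bytes) -> dict:
    # Pass ZEROS as psk for a handshake without a pre-shared key.
    early = hkdf_extract(ZEROS, psk)
    handshake = hkdf_extract(derive_secret(early, "derived", b""), ecdhe)
    main = hkdf_extract(derive_secret(handshake, "derived", b""), ZEROS)
    return {
        "early": early,
        "handshake": handshake,
        "main": main,
        # Resumption PSKs are derived from this value, hence from the main secret.
        "resumption": derive_secret(main, "res master", transcript),
    }

# Constructed sample inputs (not real handshake data).
SAMPLE_ECDHE = bytes(range(32))
SAMPLE_TRANSCRIPT = b"constructed ClientHello..client Finished"

if __name__ == "__main__":
    for name, value in key_schedule(ZEROS, SAMPLE_ECDHE, SAMPLE_TRANSCRIPT).items():
        print(f"{name:10} {value.hex()}")
```

Without a PSK the early secret is a fixed public value (it matches the RFC 8448 trace), so the session's secrecy enters the schedule through the (EC)DHE input to the handshake secret.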