On Tue, 13 Jan 2026, [email protected] wrote:
> To address this, this specification defines an extended key update mechanism that performs a fresh Diffie-Hellman exchange within an active session, thereby ensuring post-compromise security. By forcing attackers to exfiltrate new key material repeatedly, this approach mitigates the risks associated with static key compromise. Regular renewal of session keys helps contain the impact of such compromises. The extension is applicable to both TLS 1.3 and DTLS 1.3.
It would be useful, if we are changing KeyUpdate anyway, to also generally allow some other TLS Extensions to send a message here. One can think of attestation refreshing being one obvious use case here.

Paul
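Added example, not part of this thread or of the draft: it contrasts the RFC 8446 KeyUpdate derivation with an update that mixes in a fresh Diffie-Hellman result, to show why the quoted abstract says an attacker has to exfiltrate key material again after each update. The toy DH group, the `ext upd` label and the `extended_key_update` mixing step are assumptions made for illustration and are not the draft's key schedule.

```python
import hashlib, hmac, secrets

HASH_LEN = 32  # SHA-256 output size
P, G = 2**255 - 19, 2  # toy finite-field DH group (assumption), stands in for (EC)DHE

def hkdf_extract(salt, ikm):
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label as defined in RFC 8446, section 7.1."""
    full = b"tls13 " + label.encode()
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + info + bytes([counter]), hashlib.sha256).digest()
        out, counter = out + block, counter + 1
    return out[:length]

def standard_key_update(secret_n):
    """RFC 8446, section 7.2: the next secret is a function of the current one only."""
    return hkdf_expand_label(secret_n, "traffic upd", b"", HASH_LEN)

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    return pow(peer_pub, priv, P).to_bytes(32, "big")

def extended_key_update(secret_n, shared):
    """Hypothetical mixing step (not the draft's schedule): fold fresh DH output in."""
    return hkdf_expand_label(hkdf_extract(secret_n, shared), "ext upd", b"", HASH_LEN)

def demo():
    secret_n = secrets.token_bytes(HASH_LEN)  # constructed traffic secret N
    leaked = secret_n                         # attacker's one-time copy of secret N
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    client_next = extended_key_update(secret_n, dh_shared(c_priv, s_pub))
    server_next = extended_key_update(secret_n, dh_shared(s_priv, c_pub))
    # Passive attacker sees only the public values, so it cannot form g^(ab).
    guess = extended_key_update(leaked, (c_pub * s_pub % P).to_bytes(32, "big"))
    return {"standard_predictable": standard_key_update(leaked) == standard_key_update(secret_n),
            "peers_agree": client_next == server_next,
            "extended_predictable": guess == client_next}

if __name__ == "__main__":
    print(demo())
```

With the standard derivation, one leaked traffic secret yields every later one; with the DH-mixed update, the leaked secret alone no longer determines the next secret.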
