On Tue, Feb 24, 2026 at 1:50 PM Muhammad Usama Sardar < [email protected]> wrote:
> On 23.02.26 22:00, Eric Rescorla wrote:
>> The question of key reuse seems orthogonal, as key reuse in
>> this draft is allowed to essentially the same extent as it is
>> allowed with traditional ECC algorithms. Again, what is it you're
>> expecting formal review to tell us?
>>
>> For "essentially the same extent": That's not my reading. RFC8446bis [1]
>> seems to be using normative SHOULD NOT, whereas this draft [2] seems to be
>> changing that to simply a non-normative recommendation "[...] recommended
>> that implementations avoid reuse [...]". Did I miss something?
>>
> Yes. This text does not override the text from 8446bis, which is still in
> force.
>
> [ Apologies, my phrasing particularly "changing" was a bit confusing. ]
>
> Sure, I was asking for clarification on "essentially the same extent" and
> sharing my understanding of why I believe they are not "essentially the
> same extent". Does my statement in previous email make more sense now? Am I
> (still) missing something?
>

I don't understand what you're saying, so the best I can do is repeat myself.
draft-ietf-tls-mlkem has RFC 8446-bis as a normative dependency and therefore
implementations SHOULD NOT reuse key shares, just as implementations of
RFC 8446 SHOULD not reuse key shares for ECDHE.

-Ekr
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
