Yaroslav Rosomakho <[email protected]> wrote:
> Is the proposal to change "Clients and Servers SHOULD NOT reuse a key share
> for multiple connections" to "Clients and Servers MUST NOT reuse a key
> share for multiple connections" in the appendix C.4?
>
> If so, I support such change.

I also support this change.

> It would be great to keep allowing key reuse within the same handshake. I
> don't see a crime in using the same 32-byte public X25519 key within X25519
> and X25519MLKEM768 keyshares of the same ClientHello or two ClientHellos in
> the same connection after HRR. Some implementations do that today.

Not loving this, though. I also could see folks trying to avoid the HRR
altogether and rip the X25519 out of the hybrid key share and use immediately.
That's not a "reuse", I suppose, but still seems a bad idea.

-Jan

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
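As an added example that is not part of this thread or of any TLS implementation, a small Python lint that parses a ClientHello key_share body and flags both kinds of reuse discussed above: the same X25519 public key appearing bare and inside the X25519MLKEM768 share of one ClientHello, and an X25519 share repeated across distinct connections (a second ClientHello on the same connection after HRR is not flagged). It assumes the draft's layout of the hybrid client share (ML-KEM-768 encapsulation key followed by the 32-byte X25519 key) and the NamedGroup codepoints 0x001D and 0x11EC; the sample keys are constructed placeholders, not real key material.

```python
X25519, X25519MLKEM768 = 0x001D, 0x11EC   # NamedGroup codepoints (assumed)
MLKEM768_EK_LEN = 1184                    # ML-KEM-768 encapsulation key size

def build_client_shares(entries):
    # Encode a KeyShareClientHello body from (group, key) pairs (for constructed input).
    inner = b"".join(g.to_bytes(2, "big") + len(k).to_bytes(2, "big") + k for g, k in entries)
    return len(inner).to_bytes(2, "big") + inner

def parse_client_shares(body):
    # KeyShareClientHello: uint16 total length, then KeyShareEntry {group, len, key} records.
    shares, pos = [], 2
    while pos < len(body):
        group = int.from_bytes(body[pos:pos + 2], "big")
        klen = int.from_bytes(body[pos + 2:pos + 4], "big")
        key = body[pos + 4:pos + 4 + klen]
        if len(key) != klen:
            raise ValueError("truncated KeyShareEntry")
        shares.append((group, key))
        pos += 4 + klen
    return shares

def x25519_components(shares):
    # Collect X25519 keys, bare or as the tail of a hybrid share (assumed: ML-KEM ek || X25519).
    out = []
    for group, key in shares:
        if group == X25519 and len(key) == 32:
            out.append(key)
        elif group == X25519MLKEM768 and len(key) == MLKEM768_EK_LEN + 32:
            out.append(key[MLKEM768_EK_LEN:])
    return out

def reuses_x25519_within_hello(body):
    # True if one ClientHello carries the same X25519 key in two different shares.
    comps = x25519_components(parse_client_shares(body))
    return len(comps) != len(set(comps))

def observe_connection(seen, conn_id, body):
    # Cross-connection check: seen maps pubkey -> connection ids; returns shares now on >1 connection.
    flagged = []
    for pk in x25519_components(parse_client_shares(body)):
        seen.setdefault(pk, set()).add(conn_id)
        if len(seen[pk]) > 1:
            flagged.append(pk)
    return flagged

# Constructed sample inputs (not real key material).
EK = bytes(range(256)) * 4 + bytes(160)                 # 1184 placeholder bytes
PK_A, PK_B = bytes([0xA5]) * 32, bytes([0x5A]) * 32
HELLO_REUSE = build_client_shares([(X25519MLKEM768, EK + PK_A), (X25519, PK_A)])
HELLO_FRESH = build_client_shares([(X25519MLKEM768, EK + PK_A), (X25519, PK_B)])
```

Feed `observe_connection` one state dict per monitored endpoint; a share reported by it is exactly the cross-connection reuse the MUST NOT wording would forbid.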
