"Salz, Rich" <[email protected]> wrote: > * > I also could see folks trying to avoid the HRR > * > altogether and rip the X25519 out of the hybrid key > * > share and use immediately. That's not a "reuse", I > * > suppose, but still seems a bad idea. > > Can you say why?
Primarily: Icky gut feeling. :-)

Doing this is a hack, a way to do something that isn't intended and undocumented (or explicitly not supported); therein lie operational headaches, confusion, difficulty troubleshooting, or a risk of accidentally calcifying weird use cases.

I could also see a point being made that picking the hybrid key apart and using its constituent parts in a different context from the one that was explicitly intended violates cryptographic domain separation.

As Peter noted, the client ought to reject it, so perhaps the point is moot. (Parties willing to implement support for this are also unlikely to care whether an RFC says SHOULD NOT or MUST NOT.)

-Jan
