On Tue, Mar 17, 2026 at 9:21 AM Nico Williams <[email protected]> wrote:
> On Tue, Mar 17, 2026 at 08:56:32AM -0700, Eric Rescorla wrote:
> > On Tue, Mar 17, 2026 at 8:01 AM Viktor Dukhovni <[email protected]>
> > wrote:
> > > FWIW, I just don't have the energy to object to every well-meaning, but
> > > counterproductive proposal. And it can be uncomfortable to uphold a
> > > minority view...
> > >
> > > I agree that reuse of keyshares across multiple connections should
> > > generally be avoided, which is the status-quo in RFC8446, but there are
> > > sometimes just exceptions. An unenforceable MUST NOT may feel like
> > > progress, but it may do more harm than good.
> >
> > "May" is doing a lot of work here.
> >
> > Do you have some actual substantive argument to offer?
>
> The substantive argument is: if it isn't easy to even implement this
> requirement, and it's not fatal to security to not implement it, then
> why bother stating this requirement when a recommendation suffices?

Well, Viktor didn't offer this argument, but in any case, this argument is wrong. It is trivial to implement this requirement: just generate a fresh key for each connection. In fact, it is more work to not implement it. What is not easy is to *enforce* this requirement, but as nobody is proposing to enforce it and in fact the PR tells you not to, the difficulty of enforcing it is not relevant.

-Ekr
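The implement-versus-enforce distinction above, as an added Go example that is not from the thread or from any TLS stack: FreshKeyShare is the per-connection generation Ekr calls trivial, and ReuseDetector (a hypothetical helper, not part of crypto/tls) is the only observation a peer or passive monitor can make, flagging a key_share value only once it turns up a second time. It assumes Go's standard crypto/ecdh for X25519.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"fmt"
)

// FreshKeyShare is the "trivial" implementation the thread describes: a
// new ephemeral X25519 key pair for every connection, nothing cached.
func FreshKeyShare() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// ReuseDetector remembers key_share public values seen across handshakes and
// flags one offered again: the only check a peer or passive monitor can make.
type ReuseDetector struct{ seen map[string]int }

// Observe reports whether pub was offered before, and how many times.
func (d *ReuseDetector) Observe(pub []byte) (bool, int) {
	prev := d.seen[string(pub)] // raw share bytes as the map key
	d.seen[string(pub)]++
	return prev > 0, prev
}

// Simulate runs n handshakes through a ReuseDetector: fresh key per
// connection (reuse=false) or one key sent every time (reuse=true).
func Simulate(n int, reuse bool) (int, error) {
	det := &ReuseDetector{seen: make(map[string]int)}
	key, err := FreshKeyShare()
	if err != nil {
		return 0, err
	}
	flagged := 0
	for i := 0; i < n; i++ {
		if !reuse && i > 0 {
			if key, err = FreshKeyShare(); err != nil {
				return 0, err
			}
		}
		if seen, _ := det.Observe(key.PublicKey().Bytes()); seen {
			flagged++
		}
	}
	return flagged, nil
}

func main() {
	fmt.Println(Simulate(5, true)) // prints 4 <nil>
}
```

Note that the detector cannot tell a reused share from a fresh one on first sight, which is exactly why the requirement is unenforceable at the peer while remaining trivial for the sender.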
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
