On 24.03.26 11:19, Simon Josefsson wrote:
FWIW, the longer you use the ephemeral key, the higher the chance that it will be leaked. And leaking ephemeral keys can actually lead to disasters for security. So this change is actually protecting potential disasters from happening.
Viktor Dukhovni <[email protected]> writes:
FWIW, I still believe that the current SHOULD NOT (reuse ephemeral keys) is better than the proposed MUST NOT, however that's not a battle worth fighting. It seems that the prevailing wisdom is to make the change, and no disaster will ensue if it is made.
I believe implementations and deployment that make reasonable use of key share reuse (which I believe the earlier discussion acknowledged) [...]
I think "reasonable" is the key word here. Maybe we should discuss precisely what is the /reasonable/ use of key share reuse for (EC-)DHE (for example)?
Best regards, -Usama
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
