On Mon, Dec 28, 2015 at 3:08 PM, Florian Weimer <fwei...@redhat.com> wrote:

> On 12/21/2015 01:41 PM, Hubert Kario wrote:
>
> > if the rekey doesn't allow the application to change authentication
> > tokens (as it now stands), then rekey is much more secure than
> > renegotiation was in TLS <= 1.2
>
> You still have the added complexity that during rekey, you need to
> temporarily switch from mere sending or receiving to at least
> half-duplex interaction.
>

That's not intended. Indeed, you need to be able to handle the old key
in order to send/receive the KeyUpdate. Can you elaborate on your concern?

-Ekr
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls