Ilari Liusvaara <ilariliusva...@welho.com> wrote:

> OTOH, you can't drop an attacker knowing older key without doing
> new key exchange.
>

I think it would be very unfortunate to have the complexity of key update
(the new keys are derived from the old keys) without having the benefits of
rekeying (the new keys are independent of the old keys).

Note that NIST Special Publication 800-133 [1] defines these separate
terms, and I suggest we use them in this conversation to avoid confusion:

Key update: A procedure in which a new cryptographic key is computed as a
function of the (old) cryptographic key that it will replace.

Rekey: A procedure in which a new cryptographic key is generated in a
manner that is independent of the (old) cryptographic key that it will
replace.

[1] http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133.pdf

Cheers,
Brian
-- 
https://briansmith.org/
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
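
Added example (not part of the original message or of any TLS draft): the two SP 800-133 terms quoted above, in Python, showing that an attacker holding an older key can follow a key update but not a rekey. HMAC-SHA256 with a made-up label stands in for the key-derivation function, and fresh random bytes stand in for the output of a new key exchange; both are assumptions of this example.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32
UPDATE_LABEL = b"example key update"  # hypothetical label, not a TLS constant


def key_update(old_key: bytes) -> bytes:
    """Key update: the new key is a one-way function of the old key."""
    return hmac.new(old_key, UPDATE_LABEL, hashlib.sha256).digest()


def rekey() -> bytes:
    """Rekey: the new key is generated independently of the old key.
    Fresh randomness stands in for a new key exchange (assumption)."""
    return secrets.token_bytes(KEY_LEN)


def attacker_reaches(known_old_key: bytes, current_key: bytes,
                     max_steps: int = 8) -> bool:
    """Model an attacker who holds an older key: walk the update chain
    forward and report whether the key currently in use is reached."""
    k = known_old_key
    for _ in range(max_steps):
        k = key_update(k)
        if hmac.compare_digest(k, current_key):
            return True
    return False


def demo() -> dict:
    k0 = secrets.token_bytes(KEY_LEN)  # constructed sample key, known to the attacker
    k2 = key_update(key_update(k0))    # two key updates later
    k_new = rekey()                    # independent replacement key
    return {
        "after_update": attacker_reaches(k0, k2),
        "after_rekey": attacker_reaches(k0, k_new),
        "update_after_rekey": attacker_reaches(k0, key_update(k_new)),
    }


if __name__ == "__main__":
    for case, reached in demo().items():
        print(f"{case}: attacker holds the current key = {reached}")
```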
