* aluykx <atul.lu...@esat.kuleuven.be> [23/03/2016 09:12:02] wrote:
> >Finally, and this calls for an opinion: do you believe that given these
> >results we should include a KeyUpdate feature in TLS 1.3?
>
> Ideally it would be better to include a KeyUpdate feature, but the added
> complexity could risk introducing vulnerabilities worse than what happens
> when the bounds are not respected, since all of these attacks require
> adversaries to monitor large amounts of data. If KeyUpdate is simple, then
> include it, but otherwise it might not be worth the risk.

Thinking about this a bit before I read your reply, I came to the same conclusion. It could be useful if it's well done and implementations update securely. But that's hard :)

Aaron
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls