> On 13 Jun 2016, at 10:00 PM, Joseph Salowey <j...@salowey.net> wrote: > > For background please see [1]. > > Please respond to this message indicating which of the following options you > prefer by Monday June, 20, 2016 > > 1. Use the same key for handshake and application traffic (as in the current > draft-13) > > or > > 2. Restore a public content type and different keys > > Thanks, > > J&S
(1) One important (for me) use case for handshake messages after the original handshake is client certificate authentication. Disclosing that the user has just touched the magic resource that causes certificate authentication reveals actual information about what the user is doing. I haven’t seen an argument about why using the same key is similarly harmful. Yoav
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
