I also prefer (2). Cheers, Felix
On 14/06/2016 14:45 +0200, Cas Cremers wrote: > It is not quite as simple as saying "(1) makes proofs more complicated" > since it depends on what you are trying to prove. > > (1) makes some styles of standard AKE property proofs (key secrecy, > authentication) harder > (2) might make some privacy proofs harder > > Given that the proof-effort has mostly focused on secrecy and > authentication properties, one can argue for (2). > However, some proof styles can still work out in (1), so it is not such > a clear choice. > > Over time, I've changed my mind, and I now prefer (2) (since we don't > have full detail on any privacy proofs) as long as the content-type > essentially boils down to a single bit of information (which key we are > using) and nothing else. > > FWIW, > > Cas > > > On Tue, Jun 14, 2016 at 1:12 PM, Hannes Mehnert <han...@mehnert.org > <mailto:han...@mehnert.org>> wrote: > > On 13/06/2016 21:27, Daniel Kahn Gillmor wrote: > > On Mon 2016-06-13 15:00:03 -0400, Joseph Salowey wrote: > >> 1. Use the same key for handshake and application traffic (as in the > >> current draft-13) > >> > > > or > >> > >> 2. Restore a public content type and different keys > > > > Given this choice, i prefer (1). > > FWIW, I prefer (1) as well > > > hannes > > _______________________________________________ > TLS mailing list > TLS@ietf.org <mailto:TLS@ietf.org> > https://www.ietf.org/mailman/listinfo/tls > > > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
