Hi, Nikos

> On 15 Jun 2016, at 11:00 AM, Nikos Mavrogiannopoulos <n...@redhat.com> wrote:
> 
> On Mon, 2016-06-13 at 12:00 -0700, Joseph Salowey wrote:
>> For background please see [1].
>> 
>> Please respond to this message indicating which of the following
>> options you prefer by Monday June, 20, 2016 
>> 
>> 1. Use the same key for handshake and application traffic (as in the
>> current draft-13)
>> 
>> or
>> 
>> 2. Restore a public content type and different keys
> 
> Unless participants are really expert on what the issue is and how
> these proofs are constructed, I doubt that people in the TLS WG can
> resolve that in a way that provides assurance. There are good arguments
> presented in the thread by few cryptographers, but since this is mainly
> a low level crypto decision, why not ask the CFRG instead?

I disagree that this is a low level crypto decision, or at least that this is 
mainly so. 

There is the question of whether using the same key for application data and 
handshake is harmful. That question is mainly low level crypto and could be 
asked of CFRG.

There is the other question of whether exposing the fact that there are 
handshake messages and when they occur is harmful. That is security-related, 
but not at all related to crypto.

Weighing these two potential harms against each other and coming to a decision 
is entirely an engineering issue, and we should not offload that to CFRG.

Yoav

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
