On Fri, Jul 08, 2016 at 04:21:30PM +0200, Hannes Tschofenig wrote:
> Hi all,
>
> based on the feedback from Ilari this week I have drafted initial text
> that talks about rekeying and the use of the epoch value.

One maybe workable scheme that occurs to me is: outside special epochs reserved for TLS handshaking itself (the first 4?), both sides send using the highest epoch they have seen successful deprotection for or one bigger (both sides start at 4 at end of handshake).

That would severely limit the frequency of rekeyings in fully asynchronous usage though (but fully asynchronous usage of UDP or anything similar is probably a Bad Idea).

Also, the epoch use window would be sufficiently small to allow the epoch number on the wire to wrap around (obviously the actual epoch number would not wrap). That is, a peer that has seen epoch 65535 (0xFFFF) from its peer can send at epoch 65536 (0x0000), which then can be bumped to 65537 (0x0001).

-Ilari
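A toy model of the scheme sketched in the message above, added here as an illustration and not code from the thread or from any DTLS implementation. It assumes (my assumptions, not the post's) that the wire epoch is the low 16 bits of the real epoch and that a receiver recovers the real epoch by choosing the candidate closest to the highest epoch it has already deprotected.

```python
# Added example: sender rule "highest epoch seen, or one bigger", plus
# recovery of the real epoch from the 16-bit wire field after wraparound.
HANDSHAKE_EPOCHS = 4                 # epochs 0..3 reserved for the handshake
WIRE_EPOCH_BITS = 16
WIRE_EPOCH_MASK = (1 << WIRE_EPOCH_BITS) - 1


def wire_epoch(epoch: int) -> int:
    """Low 16 bits of the real (unbounded) epoch, as carried on the wire."""
    return epoch & WIRE_EPOCH_MASK


def recover_epoch(wire: int, highest_seen: int) -> int:
    """Real epoch whose low bits equal `wire` and which is closest to
    `highest_seen`.  Assumption: the epoch use window stays far below 2**15,
    so exactly one candidate is plausible."""
    base = highest_seen - wire_epoch(highest_seen)   # highest_seen, low bits cleared
    span = 1 << WIRE_EPOCH_BITS
    candidates = [base - span + wire, base + wire, base + span + wire]
    return min((e for e in candidates if e >= 0), key=lambda e: abs(e - highest_seen))


class Peer:
    """One side of the connection after the handshake has finished."""

    def __init__(self, epoch: int = HANDSHAKE_EPOCHS) -> None:
        self.highest_seen = epoch   # highest epoch deprotected from the other side
        self.send_epoch = epoch     # always highest_seen or highest_seen + 1

    def rekey(self) -> int:
        """Advance the send epoch, but never more than one above highest_seen."""
        if self.send_epoch > self.highest_seen:
            raise RuntimeError("already one ahead of the peer; wait for it to catch up")
        self.send_epoch = self.highest_seen + 1
        return self.send_epoch

    def receive(self, wire: int) -> int:
        """Record a successfully deprotected record carrying `wire` epoch bits."""
        epoch = recover_epoch(wire, self.highest_seen)
        if epoch > self.highest_seen:
            self.highest_seen = epoch
            self.send_epoch = max(self.send_epoch, epoch)
        return epoch


def wrap_example() -> list:
    """The post's walk-through: after seeing 65535 (0xFFFF) send at 65536
    (0x0000), then bump to 65537 (0x0001) once the peer has caught up."""
    a = Peer(epoch=65535)                   # constructed state: many rekeys already done
    first = a.rekey()                       # 65536, on the wire as 0x0000
    a.receive(wire_epoch(65536))            # the other side answered at 65536
    second = a.rekey()                      # 65537, on the wire as 0x0001
    return [first, wire_epoch(first), second, wire_epoch(second)]
```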