So this isn’t entirely novel, right? I mean, we did something similar wrt other
key schedules?

spt

> On Feb 23, 2017, at 23:30, Martin Thomson <martin.thom...@gmail.com> wrote:
> 
> https://github.com/tlswg/tls13-spec/pull/882 contains the longer description.
> 
> In short, the existence of an exporter secret threatens the forward
> secrecy of any exported secret.  This is a problem for QUIC and is
> likely to be a more general problem.
> 
> The proposed fix is small: separate exporters into two steps
> (extract+expand) where the first step allows for separation based on
> exporter type and the second on context.  That allows an endpoint to
> keep separate secrets for each exporter type and discard those that it
> no longer needs, thus gaining forward secrecy if it likes.
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
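
The two-step exporter described in the quoted message, as an added example that is not part of the thread or the PR. It assumes the form later published in RFC 8446 section 7.5 (Derive-Secret on the label, then HKDF-Expand-Label on the hashed context) with SHA-256; the `ExporterState` class, the labels and the sample secret are constructed for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HLEN = HASH().digest_size

def hkdf_expand(prk, info, length):
    """HKDF-Expand (RFC 5869) over HASH."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label with the "tls13 " prefix (RFC 8446, section 7.1)."""
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)

def type_secret(exporter_master_secret, label):
    """Step 1: one secret per exporter type (label)."""
    return hkdf_expand_label(exporter_master_secret, label, HASH(b"").digest(), HLEN)

def export(per_type_secret, context, length):
    """Step 2: separate on context within one exporter type."""
    return hkdf_expand_label(per_type_secret, b"exporter", HASH(context).digest(), length)

class ExporterState:
    """Keeps only per-type secrets; the exporter master secret is not stored."""
    def __init__(self, exporter_master_secret, labels):
        self._secrets = {l: type_secret(exporter_master_secret, l) for l in labels}

    def export(self, label, context, length):
        return export(self._secrets[label], context, length)

    def discard(self, label):
        # After this, nothing held here can re-derive exports for `label`.
        del self._secrets[label]

if __name__ == "__main__":
    ems = bytes(range(32))  # constructed sample exporter master secret
    state = ExporterState(ems, [b"EXPORTER-example-a", b"EXPORTER-example-b"])
    print(state.export(b"EXPORTER-example-a", b"ctx", 32).hex())
    state.discard(b"EXPORTER-example-a")  # type a is now unrecoverable from state
    print(state.export(b"EXPORTER-example-b", b"ctx", 32).hex())
```

Python cannot guarantee that the discarded bytes are wiped from memory; a production implementation would zeroize the buffer when it drops a secret.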
