On Fri, Apr 28, 2017 at 07:41:59PM +0100, Ken Ivanov wrote:
> Hi Eric and everyone,
>
> Specifically, while the spec instructs the party that receives a KeyUpdate
> with its request_update set to update_requested to respond with its own
> KeyUpdate with request_update set to update_not_requested, there are no
> provisions as to what the originator of the key update should do if it never
> receives the requested KeyUpdate response from the remote party (or does not
> receive it within a reasonable time scope).

The problem is that any time bound would cause keyupdate to couple the
directions, which is harmful from an API standpoint. The KeyUpdate mechanism is
explicitly designed for fully asynchronous operation. Which implies there is no
time bound.

-Ilari
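
Added example, not part of the original message or of any TLS implementation: a small Python model of the two directions updating independently, so the originator rotates its send keys without waiting for anything from the peer. It assumes the key derivation and the "answer before the next application data" rule from the final RFC 8446 text rather than the draft under discussion; the `Endpoint` class, its method names and the starting secrets are hypothetical.

```python
import hashlib, hmac, struct

HASH = hashlib.sha256

def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label (RFC 8446, 7.1); one HMAC block covers length <= 32."""
    full = b"tls13 " + label
    info = struct.pack("!H", length) + bytes([len(full)]) + full + bytes([len(context)]) + context
    return hmac.new(secret, info + b"\x01", HASH).digest()[:length]

def next_secret(secret):
    """application_traffic_secret_N+1 derived from application_traffic_secret_N."""
    return hkdf_expand_label(secret, b"traffic upd", b"", HASH().digest_size)

class Endpoint:
    def __init__(self, send_secret, recv_secret):
        self.send, self.recv = send_secret, recv_secret
        self.send_gen = self.recv_gen = 0
        self.owe_update = False

    def initiate_update(self, request_peer=True):
        """Emit a KeyUpdate and rotate send keys at once; nothing waits on the peer."""
        self.send, self.send_gen = next_secret(self.send), self.send_gen + 1
        return "update_requested" if request_peer else "update_not_requested"

    def on_key_update(self, request_update):
        """The peer rotated its send keys, so rotate our receive keys only."""
        self.recv, self.recv_gen = next_secret(self.recv), self.recv_gen + 1
        if request_update == "update_requested":
            self.owe_update = True   # answered whenever we next write, no deadline

    def before_write(self):
        """Run before sending application data; sends an owed KeyUpdate first."""
        if not self.owe_update:
            return None
        self.owe_update = False
        return self.initiate_update(request_peer=False)

def demo():
    c2s, s2c = b"\x01" * 32, b"\x02" * 32      # constructed starting secrets
    client, server = Endpoint(c2s, s2c), Endpoint(s2c, c2s)
    for _ in range(3):                          # server stays silent throughout
        server.on_key_update(client.initiate_update())
    silent = (client.send_gen, client.recv_gen, client.send == server.recv)
    reply = server.before_write()               # server finally has data to send
    client.on_key_update(reply)
    return silent, reply, (server.send_gen, client.recv_gen, server.send == client.recv)

if __name__ == "__main__": print(demo())
```

While the server is silent the client-to-server direction advances three generations and stays in sync, and the three requests are answered by a single KeyUpdate once the server next writes.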