Nicely written, Ilari.
Additionally, there is this patent for such a key update by John, Magnus
and Claudio written for the SCTP context:
https://datatracker.ietf.org/ipr/6218/
Ciao
Hannes
Am 04.01.2024 um 18:37 schrieb Ilari Liusvaara:
On Thu, Jan 04, 2024 at 04:26:09PM +0000, Dennis Jackson wrote:
From a security perspective, this would be equivalent to having the
client open a new connection to the server using a session ticket from
the existing connection with psk_dhe_ke mode?
I guess the ergonomics of that approach perhaps aren't as neat, but it
would only require client side implementation changes and no spec or
server-side changes to deploy.
Opening a new connection is rather distruptive in some applications,
even if done as make-before-break.
For example, if application ties some resources to existence of
connection, there would have to be some mechanism to transfer the
resources from old connection to new to avoid distruption from the
resources going away. And very few applications are capable of doing
that.
-Ilari
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
