- I don't think any new "Supported Groups" that allows an ephemeral key to be reused in more than one key-establishment in violation of SP 800-56ar3 should be RECOMMENDED=Y. As stated by Bas, we we can't stop reuse for existing key agreements immediately.
Sure. Of course, we can never tell if the other side is doing “the right thing.” This includes not re-using keys, not running SSLKEYLOGFILE on their servers, not doing “harvest now decrypt later”, and so on.
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
