> My inclination is to suggest that we pick Specification Required, with a > recommendation to experts to reject registrations if the secret can be used > to derive other secrets. For instance, we don't define a label for the > resumption secret or any of the secrets that form the main trunk of the key > schedule.
I'm in favor of this. Perhaps the instructions to the experts could also say "they MAY wish to verify this on the TLS mailing list." _______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
