I supported and support prohibiting key reuse, and seem to remember multiple
other supporting voices not named John. My impression (which could be mistaken
because these debates are really painful to keep track of) is actually that
objections are in the rough, if we count From headers rather than Message-ID
headers.
Yes, there is no protocol police, and implementations feeling the Need for
Speed might still do reuse. They might also use all zeroes in place of random
bytes, since memset is faster than any DRBG! It's also easier. The good news is
that we won't have to waste time thinking about how reuse-based attacks might
apply to compliant implementations.
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
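The post argues that a prohibition lets reviewers stop reasoning about reuse-based attacks on compliant implementations; the flip side is that an operator or tester still wants a way to notice when a non-compliant peer reuses a nominally ephemeral key share (or sends the "all zeroes instead of random bytes" share the post jokes about). The script below is an added example written for this page, not code from the thread or from any TLS implementation. It assumes the client key_share values have already been extracted from observed ClientHellos into plain dicts (the `SAMPLE_HANDSHAKES` list is constructed sample data), and flags shares that recur across handshakes as well as shares with trivially low entropy.

```python
"""Flag reuse and degenerate values among observed TLS key_share entries.

Added example; assumes ClientHello key_share data has been parsed elsewhere
into dicts with keys "src", "group" and "key_share" (raw public key bytes).
"""
from collections import defaultdict
import hashlib

# Constructed sample: four ClientHellos. Entries 1 and 2 reuse the same
# share; entry 3 sends an all-zero share (memset instead of a DRBG).
SAMPLE_HANDSHAKES = [
    {"src": "10.0.0.5", "group": "x25519", "key_share": bytes(range(0, 32))},
    {"src": "10.0.0.7", "group": "x25519", "key_share": bytes(range(32, 64))},
    {"src": "10.0.0.7", "group": "x25519", "key_share": bytes(range(32, 64))},
    {"src": "10.0.0.9", "group": "x25519", "key_share": bytes(32)},
]


def share_fingerprint(group: str, key_share: bytes) -> str:
    """Stable short identifier for a (group, public value) pair.

    Hashing the group name together with the bytes keeps a share that
    happens to collide across different groups from being conflated.
    """
    return hashlib.sha256(group.encode() + b"|" + key_share).hexdigest()[:16]


def find_reused_shares(handshakes):
    """Return {fingerprint: [indices]} for every share seen more than once.

    A share that appears in more than one handshake is, by definition,
    not ephemeral; for a hybrid or PQ group that may matter more than
    for a classical one, but the detection rule is the same.
    """
    seen = defaultdict(list)
    for i, hs in enumerate(handshakes):
        seen[share_fingerprint(hs["group"], hs["key_share"])].append(i)
    return {fp: idx for fp, idx in seen.items() if len(idx) > 1}


def find_degenerate_shares(handshakes):
    """Return indices whose share consists of a single repeated byte.

    Catches the all-zero (or all-0xff) public value that results from
    skipping the random-bytes step entirely; it is a sanity check, not a
    substitute for the group-specific public-key validation a TLS stack
    performs.
    """
    return [i for i, hs in enumerate(handshakes)
            if len(set(hs["key_share"])) <= 1]


def summarize(handshakes):
    """Human-readable report used when running the script directly."""
    lines = []
    for fp, idx in find_reused_shares(handshakes).items():
        srcs = sorted({handshakes[i]["src"] for i in idx})
        lines.append(f"reused share {fp} in handshakes {idx} from {srcs}")
    for i in find_degenerate_shares(handshakes):
        lines.append(f"degenerate share in handshake {i} "
                     f"from {handshakes[i]['src']}")
    return lines


if __name__ == "__main__":
    for line in summarize(SAMPLE_HANDSHAKES):
        print(line)
```

Run over real captures, the fingerprint map is the thing to keep: a share that recurs from one source over minutes or hours is an implementation reusing keys, while the same share from many sources points at a shared default or a broken random source rather than deliberate caching.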