On Tue, Mar 24, 2026 at 03:30:28PM +0100, Muhammad Usama Sardar wrote:
> On 24.03.26 11:19, Simon Josefsson wrote:
>
> > Viktor Dukhovni <[email protected]> writes:
> > > FWIW, I still believe that the current SHOULD NOT (reuse ephemeral keys)
> > > is better than the proposed MUST NOT, however that's not a battle worth
> > > fighting. It seems that the prevailing wisdom is to make the change,
> > > and no disaster will ensue if it is made.
> FWIW, the longer you use the ephemeral key, the higher the chance that it
> will be leaked. And leaking ephemeral keys can actually lead to disasters
> for security. So this change is actually protecting potential disasters from
> happening.

Even more important than duration of use is number of uses, as each use
exposes the key to side-channel, implementation error and fault attacks.
Especially in on-line protocols like TLS. In contrast, keys sitting in
memory unused are much less exposed.

-Ilari
