John Mattsson writes:
> Tero Kivinen wrote:
>
> > and doing Diffie-Hellman for each of them would be too costly
>
> I agree that was true in the past. Do you think that is still the
> case for an optimized implementation of modern algorithms running on
> new CPUs? As I wrote in draft-mattsson-tls
Hi, one more reflection on this:
- People have requested EDHOC as well as EAP with PSK authentication. For the
first protocol run (i.e., not resumption) ephemeral key exchange should be a
requirement. A PSK with ephemeral ECDH mode can be used for more than
resumption.
Tero Kivinen wrote:
> a
Rafa Marín López writes:
> Hi John:
> - 2) Use PSK with ECDHE (similar to psk_dhe_ke in TLS)
>
> Let me also add here, as a reference, IKEv2. Basically, section 1.3.2 in RFC
> 7296 shows a 1-RTT exchange including DH exchange and nonces to regenerate the
> IKE security association.
>
> -
Hi John:
> El 26 ene 2023, a las 0:25, John Mattsson
> escribió:
>
> Hi Rafa,
>
> Thanks for bringing up this question. I think this is a very good discussion
> to have at this point.
>
> First discussion is probably why resumption is needed. I think there are
> three things that can be m
