On Mon, Dec 28, 2015 at 3:33 PM, Florian Weimer <fwei...@redhat.com> wrote:
> On 12/28/2015 09:11 PM, Eric Rescorla wrote: > > >> You still have the added complexity that during rekey, you need to > >> temporarily switch from mere sending or receiving to at least > >> half-duplex interaction. > >> > > > > That's not intended. Indeed, you need to be able to handle the old key > > in order to send/receive the KeyUpdate. Can you elaborate on your > concern? > > Ah, so you want to keep the current mechanism and not inject fresh > randomness? Isn't this fairly risky? Can you explain the risk you are concerned about in more detail? -Ekr
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls