On Mon, Jul 24, 2017 at 04:40:24PM +0000, Dan Brown wrote:
> Hmm, I'd appreciate a brief reminder* of why 1.3 needs nonces at all,
> given that ephemeral DH is mandated, if anybody has the time/
> patience. (* ok, not that I truly ever knew).

Two reasons:

- The DH shares can be reused (even if this is bad practice, there is
  no requirement not to).
- There still is pure-PSK mode, which has no entropy injection apart
  from Random values.

-Ilari
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
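The two cases in the reply above, worked through the RFC 8446 section 7.1 key schedule as an added example (not part of the original message). The transcript here is a simplified stand-in that carries only the two Random values, and the PSK, DH secret and Randoms are constructed sample values.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256
HLEN = HASH().digest_size

def hkdf_extract(salt, ikm):
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk, info, length):
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def hkdf_expand_label(secret, label, context, length):
    # HkdfLabel: uint16 length, "tls13 " + label, context (both length-prefixed)
    full = b"tls13 " + label
    info = (struct.pack("!H", length) + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)

def derive_secret(secret, label, messages):
    return hkdf_expand_label(secret, label, HASH(messages).digest(), HLEN)

def client_hs_traffic_secret(psk, dhe, client_random, server_random):
    # Assumption: the transcript is reduced to the two Random values; a real
    # ClientHello..ServerHello transcript also carries the other hello fields.
    transcript = b"ClientHello" + client_random + b"ServerHello" + server_random
    early = hkdf_extract(bytes(HLEN), psk)
    handshake = hkdf_extract(derive_secret(early, b"derived", b""), dhe)
    return derive_secret(handshake, b"c hs traffic", transcript)

# Constructed sample inputs.
SAMPLE_PSK = b"constructed sample psk, 32 bytes"
NO_DHE = bytes(HLEN)        # pure-PSK mode: the (EC)DHE input is all zeros
REUSED_DHE = b"\x42" * 32   # same DH shares on both sides, same shared secret
R1, R2, S1 = b"\x01" * 32, b"\x02" * 32, b"\x03" * 32

if __name__ == "__main__":
    for name, dhe in (("pure PSK", NO_DHE), ("reused DH", REUSED_DHE)):
        a = client_hs_traffic_secret(SAMPLE_PSK, dhe, R1, S1)
        b = client_hs_traffic_secret(SAMPLE_PSK, dhe, R1, S1)
        c = client_hs_traffic_secret(SAMPLE_PSK, dhe, R2, S1)
        print(name, "same Randoms repeat:", a == b, "| new Random differs:", a != c)
```

In both cases the only input that changes between connections is the Random value, so it is the only thing keeping the traffic secret from repeating.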