IETF Logo Mail Archive

[TLS] Re: WG Consensus Call: Prohibit Key Share Reuse Between Connections

Viktor Dukhovni <ietf-dane@dukhovni.org> Tue, 24 March 2026 04:06 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 82A39D06C36D for <tls@mail2.ietf.org>; Mon, 23 Mar 2026 21:06:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.398
X-Spam-Level:
X-Spam-Status: No, score=-4.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=dukhovni.org
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E3Pz9ZZ_3bjQ for <tls@mail2.ietf.org>; Mon, 23 Mar 2026 21:06:53 -0700 (PDT)
Received: from chardros.imrryr.org (chardros.imrryr.org [144.6.86.210]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id E53B8D06C363 for <tls@ietf.org>; Mon, 23 Mar 2026 21:06:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dukhovni.org; i=@dukhovni.org; q=dns/txt; s=f8320d6e; t=1774325210; h=date : from : to : subject : message-id : reply-to : references : mime-version : content-type : in-reply-to : content-transfer-encoding : from; bh=K/kQ3Ydn35JeBTkk1aJd5nH59yMdS1SPUgCxwZWN1uE=; b=HgUMJsBTj5poGxuOWSkDTu8DxrYP5CGM0OS9nd30DgXlnS4rMAfZFnzR45Tyid2tpSIKw GZGynZDeghv5zo6aZ/Djj2n7BdokdZnfORanqBe+6Qg6Png4+WEiTu7CKcasW3UGlUorThQ /3XwIG47V2Jg/vQfd34SmFezINs5UbQ=
Received: by chardros.imrryr.org (Postfix, from userid 1000) id DB844938E14; Tue, 24 Mar 2026 15:06:50 +1100 (AEDT)
Date: Tue, 24 Mar 2026 15:06:50 +1100
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <acIN2kRWLRSH_X_7@chardros.imrryr.org>
References: <92B7449C-F212-4A14-8852-58F8432FF131@sn3rd.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <92B7449C-F212-4A14-8852-58F8432FF131@sn3rd.com>
Mail-Followup-To: <tls@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: AUFTAPXQPRV4WTGFU4GNDY5T6HJ647TW
X-Message-ID-Hash: AUFTAPXQPRV4WTGFU4GNDY5T6HJ647TW
X-MailFrom: ietf-dane@dukhovni.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Reply-To: tls@ietf.org
Subject: [TLS] Re: WG Consensus Call: Prohibit Key Share Reuse Between Connections
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/5lfcbFalqcUIpabFimsNHptbMG8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

On Mon, Mar 23, 2026 at 04:40:14PM -0400, Sean Turner wrote:

> This message starts a two week consensus call on whether
> draft-ietf-tls-rfc8446bis should prohibit key share reuse between
> connections. ekr has already produced a PR; see [1]. Please let the
> list know whether you do or do not support this change by 6 April
> 2026. Please note that if you already replied in here:[2] there is no
> need to also reply to this thread unless you changed your mind.
> 
> Note that as draft-ietf-tls-rfc8446bis in currently in AUTH48, this
> may add some delay to its publication. We believe that any delay would
> be small because we already know there are outstanding PRs that needed
> to be worked.

FWIW, I still believe that the current SHOULD NOT (reuse ephemeral keys)
is better than the proposed MUST NOT, however that's not a battle worth
fighting.  It seems that the prevailing wisdom is to make the change,
and no disaster will ensue if it is made.

-- 
    Viktor.  🇺🇦 Слава Україні!

v2.46.0 | Report a Bug | By Email | System Status