[TLS] Re: WG Consensus Call: Prohibit Key Share Reuse Between Connections

Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> Tue, 24 March 2026 14:30 UTC

Message-ID: <ddea35fe-0a18-4562-aa73-b9b6cd819360@tu-dresden.de>
Date: Tue, 24 Mar 2026 15:30:28 +0100
To: Simon Josefsson <simon=40josefsson.org@dmarc.ietf.org>, tls@ietf.org
References: <92B7449C-F212-4A14-8852-58F8432FF131@sn3rd.com> <acIN2kRWLRSH_X_7@chardros.imrryr.org> <87bjgdy1fd.fsf@josefsson.org>
In-Reply-To: <87bjgdy1fd.fsf@josefsson.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/AwaggEV7HI_j4onWaFsFq9aCvBo>

On 24.03.26 11:19, Simon Josefsson wrote:

> Viktor Dukhovni <ietf-dane@dukhovni.org> writes:
>> FWIW, I still believe that the current SHOULD NOT (reuse ephemeral keys)
>> is better than the proposed MUST NOT, however that's not a battle worth
>> fighting.  It seems that the prevailing wisdom is to make the change,
>> and no disaster will ensue if it is made.
FWIW, the longer you use the ephemeral key, the higher the chance that it will be leaked. And leaking ephemeral keys can actually lead to disasters for security. So this change is actually preventing potential disasters from happening.
> I believe implementations and deployment that make reasonable use of key
> share reuse (which I believe the earlier discussion acknowledged) [...]

I think "reasonable" is the key word here. Maybe we should discuss precisely what is the /reasonable/ use of key share reuse for (EC-)DHE (for example)?

Best regards,

-Usama
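The exposure argument above (a reused share means one leaked private key opens every connection that used it) can be checked directly against observed handshakes. The following is an added example, not code from the thread or from any TLS implementation: it takes key_share values as they would be extracted from ServerHello messages (here constructed dummies, not real keys), reports which shares a server reused across distinct connections, and counts how many connections fall if that one private key leaks. The `KeyShareObservation` record and the sample data are assumptions made for the example.

```python
# Added example (not from the thread): audits observed TLS 1.3 key_share
# values across connections and reports which shares were reused. A reused
# share means one leaked private key exposes every connection in its group.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class KeyShareObservation:
    conn_id: str          # hypothetical connection identifier
    peer: str             # server name the share was seen from
    group: str            # TLS named group, e.g. "x25519"
    key_exchange: bytes   # raw key_exchange field of the key_share entry


def find_reused_shares(observations):
    """Group observations by (peer, group, key_exchange) and return only the
    shares seen on more than one distinct connection, with their connection
    ids. Each such group is the set of sessions that fall to a single key."""
    seen = defaultdict(set)
    for obs in observations:
        seen[(obs.peer, obs.group, obs.key_exchange)].add(obs.conn_id)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


def exposure_on_leak(observations, peer, group, key_exchange):
    """Number of connections whose traffic secrets are exposed if the private
    key behind this one share leaks: 1 for a fresh share, N for a reused one."""
    return len({o.conn_id for o in observations
                if (o.peer, o.group, o.key_exchange) == (peer, group, key_exchange)})


# Constructed sample: server a.example reuses one x25519 share for three
# connections; server b.example sends a fresh share each time. The byte
# values are dummies, not real public keys.
SAMPLE = [
    KeyShareObservation("c1", "a.example", "x25519", bytes.fromhex("aa" * 32)),
    KeyShareObservation("c2", "a.example", "x25519", bytes.fromhex("aa" * 32)),
    KeyShareObservation("c3", "a.example", "x25519", bytes.fromhex("aa" * 32)),
    KeyShareObservation("c4", "b.example", "x25519", bytes.fromhex("01" * 32)),
    KeyShareObservation("c5", "b.example", "x25519", bytes.fromhex("02" * 32)),
]

if __name__ == "__main__":
    for (peer, group, kx), conns in find_reused_shares(SAMPLE).items():
        n = exposure_on_leak(SAMPLE, peer, group, kx)
        print(f"{peer} reused {group} share {kx[:4].hex()}... on {conns}; "
              f"one leaked private key exposes {n} connections")
```

In a real audit the observations would come from parsed ServerHello (or ClientHello) key_share extensions; a server that honours a per-connection MUST NOT on reuse never appears in the reused set.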