Open LPardue opened 2 years ago
The MUST delete is for forward secrecy. Like in TLS, if all clients have deleted all keys, the key exposure footprint is reduced to only what's necessary.
The time choices are arbitrary, yes. I wanted something in there, but I don't have a principled answer for what they should be. It's possible that these should be server-advertised values instead of a client-side constant, but I'd expect for most practical purposes a time-based hard limit will suffice.
Maybe we should add this to the list of things we hope to learn by making this experimental, like the congestion control handwaviness?
yep sounds all good
Section 10.2 says
My first question is why is it a MUST. My second question is why these values?
Since this is a client behaviour that is hard for the peer to enforce, it would help to explain the rational behind these requirements so that implementations
Do the Right Thing
.