This is my take on #43, pointing to the cases when it's possible to reuse tokens, at the same time discouraging it for all other cases.
The acceptable cases are
the ones identified in the last authors' call, and
TLS and OSCORE
I've added in a potential third case in source comments; it's still something we can dig up if people ask for more comprehensive exceptions, but there's so many things that can go wrong that I'd rather not have it in.
This is my take on #43, pointing to the cases when it's possible to reuse tokens, at the same time discouraging it for all other cases.
The acceptable cases are
I've added in a potential third case in source comments; it's still something we can dig up if people ask for more comprehensive exceptions, but there's so many things that can go wrong that I'd rather not have it in.