rikard-sics
commented
1 year ago Benefit without the fallback is that only method 1 or method 2 need to be implemented. With the fallback both methods need to be implemented.
Closed rikard-sics closed 1 year ago
rikard-sics
commented
1 year ago Benefit without the fallback is that only method 1 or method 2 need to be implemented. With the fallback both methods need to be implemented.
rikard-sics
commented
1 year ago Security-wise method 1 and 2 should be the same. Both give forward secrecy
rikard-sics
commented
1 year ago We can change updateCtx to only rely on Method 2. Check during interim.
rikard-sics
commented
1 year ago Also means we can simplify computation of X_N, to be X | N instead
rikard-sics
commented
1 year ago Consensus from the interim on September 28 is that this seems fine to do.
Is it fine to only use METHOD 2?
Based on feedback from Christian during IETF 114.