MUST discard CTX_OLD

[chrysn]

"Once a peer has successfully decrypted and verified an incoming message protected with CTX_NEW, that peer MUST discard the old Security Context CTX_OLD."

When in non-FS mode and CTX_OLD is the original context, the peer can't do that.

[marco-tiloca-sics]

Good catch! Even though Section 4.3 "Key Update with Forward Secrecy" including that text is about the FS mode, it's good that it gives a heads-up about this point.

Then I think that this point can be also restated in Section 4.5.1 "Handling and Use of Keying Material". The "original context" CTX_OLD is the one including the Bootstrap Master Secret and Bootstrap Master Salt.

[rikard-sics]

We now have text about when not to delete CTX_OLD in the section "Selection of KUDOS Mode". That may be sufficient.