You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
However, because send and receive keys are derived from independent traffic secrets, retaining the receive traffic secret does not threaten the forward secrecy of data sent before the sender changed keys.
Comment> I can't parse the above line. In TLS 1.3, the send and receive keys are derived from the main secret and if the main secret is compromised, both the send and receive keys can be calculated by the attacker. I get that with HPKE, the send and receive keys are derived from independent traffic secrets.
The text was updated successfully, but these errors were encountered:
However, because send and receive keys are derived from independent traffic secrets, retaining the receive traffic secret does not threaten the forward secrecy of data sent before the sender changed keys.
Comment> I can't parse the above line. In TLS 1.3, the send and receive keys are derived from the main secret and if the main secret is compromised, both the send and receive keys can be calculated by the attacker. I get that with HPKE, the send and receive keys are derived from independent traffic secrets.
The text was updated successfully, but these errors were encountered: