More recommendations for last resort key packages

mlswg · Jan 19, 2024 · cb60dc2 · cb60dc2
1 parent 9a07837
commit cb60dc2
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/draft-ietf-mls-architecture.md b/draft-ietf-mls-architecture.md
@@ -675,11 +675,18 @@ multiple times. Clients are responsible for providing new KeyPackages as
 necessary in order to minimize the chance that the "last resort" KeyPackage will
 be used.
 
-> **RECOMMENDATION:** Ensure that "last resort" key packages don't get used by
-> provisionning enough standard key packages.
+> **RECOMMENDATION:** Ensure that "last resort" KeyPackages don't get used by
+> provisionning enough standard KeyPackages.
 
-> **RECOMMENDATION:** Rotate "last resort" key packages as soon as possible
+> **RECOMMENDATION:** Rotate "last resort" KeyPackages as soon as possible
 > after being used or if they have been stored for a prolonged period of time.
+> Overall, avoid reusing last resort KeyPackages as much as possible.
+
+> **RECOMMENDATION:** Ensure that the client for which a last resort KeyPackage
+> has been used is updating leaf keys as early as possible.
+
+Overall, it needs to be noted that key packages need to be updated when
+signature keys are changed.
 
 ## Delivery of Messages {#delivery-guarantees}