k_dh - should always be secure-deleted immediately after use?
Created by: cobratbq
Two remarks regarding to 'k_dh':
In section "Rotating ECDH Keys and Brace Key as sender" a shared secret k_dh is calculated, however it is not specified that it should be deleted securely. I believe we can delete it securely, as this shared secret value is always only used in a one-time, local context.
Other shared secrets: k_ecdh and brace_key, need to be retained for their reuse in other key rotations. I believe this is not the case of k_dh. We immediately use k_dh to calculate the brace_key, and afterwards k_dh has no value anymore. In both key rotations, we replace some DH component (either our secret, or their public key) therefore k_dh becomes invalid anyways. Considering its temporary character, I wonder if it should be treated as a "first-class citizen", i.e. same extensive description as k_ecdh, brace_key, k.