From Arpan Sharma:
> 1. Is the "providers should ignore unknown named group scheme names" contract
> still considered correct, now that named groups are a security-policy
> parameter (post-JEP-527) rather than a performance hint?
Maybe a compromise would be that getting the parameters must reflect removed groups (but I am not sure this is a compatible Change, maybe only allowing/recommending the thing to return the effective set, so client code can validate but current versions are still compliant?> 3. Is there interest in exposing the negotiated named group through a public API(Let me give my user Feedback from the view Point of ISV with Enterprise Customers battling with hundreds of possible Legacy Software Communication Partners):Definitely needed. Independent of PQC and named groups a listener providing handshake details (and also offered negotiation details) would be very (for Client and Server sockets). For example before we disable a certain algorithm (which happens to be the negotiated one) the Software should be able to tell if others are offered. And also auditing the used parameters without relying on net debug logs would be good. (At the moment you have to poke into custom log handlers or reflection).GrußBernd
--
https://bernd.eckenfels.net
