Joseph Birr-Pixton <jpix...@gmail.com> writes: >That is not a correct interpretation, in my opinion. Offering a key_share for >every MTI key exchange is not required, because: > >> Clients MAY send an empty client_shares vector in order to request >> group selection from the server, at the cost of an additional round >> trip
Chrome doesn't send an empty client_shares, it just sends one populated with non-MTI keyex types. Peter. _______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
