On 26.11.25 21:44, Eric Rescorla wrote:
Right, though it's important to be clear on what that means:- You have to support key_share, but you don't necessarily need to send it (e.g., if you're doing pure PSK without any DH).
cool, thanks very much. That resolves the apparent mismatch between section 9.1 and Figure 1 in my head.
- The requirement for key_share doesn't require you to do ECC, just to support the extension generally. You'd be in compliance with this particular MUST if you supported pure MLKEM, though of course not with the MUST to support P-256.
I think the draft should have a statement somewhere stating that it is no longer compliant with the base TLS specs, with pointer to section 9.1 of RFC 8446bis.
-Usama
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
