Much belated approval. One minor issue and some nits.
Section 4 talks about failure, but doesn't really put enough work in. If this
is an error that needs to be retried, then a new error code is necessary.
Decapsulation failure will occur at the server, which will have to indicate
that failu
Hiya,
On 9/1/24 22:04, Douglas Stebila wrote:
On Sep 1, 2024, at 10:47 AM, Stephen Farrell
wrote:
Section 3.2 says there are two allowed ways to handle the same
component algs being used in multiple key shares. However, doesn't
ECH mean that additional possibilities exist? What should a cli
It's not specified one way or the other in ECH but HPKE S 4.1 strongly
suggests you should not be reusing these values:
Namely:
def Encap(pkR):
skE, pkE = GenerateKeyPair()
And skE means you are generating a key of type E:
Ephemeral (E): Role of a fresh random value meant for one-time
> On Sep 1, 2024, at 10:47 AM, Stephen Farrell
> wrote:
>
> Section 3.2 says there are two allowed ways to handle the same
> component algs being used in multiple key shares. However,
> doesn't ECH mean that additional possibilities exist? What
> should a client do in terms of re-use when using
Hiya,
On 8/12/24 20:50, Deirdre Connolly wrote:
This email starts the working group last call for the Internet-Draft
"Hybrid key exchange in TLS 1.3", located here:
https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/
The WG last call will end 26th August 2024 @ 2359 UTC.
Apologie
