This sounds like the right approach to me. The point of the MTI is to
ensure that the connection succeeds, not that it succeeds as quickly as
possible.
--Richard
On Wed, Jun 5, 2024 at 2:57 PM Martin Thomson wrote:
> I would not mandate the use of an MTI curve, but instead recommend it on
> the
I would not mandate the use of an MTI curve, but instead recommend it on the
basis that this is most likely to avoid HelloRetryRequest and so result in
faster handshakes.
Two reasons:
1. MTI doesn't always correspond to "best", particularly as the protocol ages.
2. If we have an MTI that is ver
