William Whyte <wwh...@securityinnovation.com> writes:

> Hi all,
> 
> We've updated the TLS 1.3 Quantum Safe Handshake draft to use extensions as
> suggested by DKG in Prague. All comments welcome.
> 
> There's an interesting issue here: McEliece keys, which should be
> permissible, are larger in size (about 2^20 bytes) than the maximum
> permissible extension size (2^16-1). In order to support McEliece keys it
> might be worth increasing the maximum extension size to 2^24-1 for TLS 1.3.
> Is there a strong reason for keeping the maximum size at 2^24-1, other than
> saving one byte on all the relevant length fields?

That would affect the initial client hello, which I think we're trying
to keep backwards compatible.  It might be better to just define a
rule like "if multiple extensions with the same number are present,
their values are concatenated".

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
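
An added sketch, not part of the original messages or of any TLS specification, of the concatenation rule suggested in the reply above: a sender splits a value larger than 2^16-1 bytes across repeated extensions with the same number, and a receiver reassembles them with bounds checks. Assumptions: the extension number `0xFA00` is a placeholder, the `max_total` cap is a constructed limit, and the outer extension-list length prefix is not modelled.

```python
import struct

MAX_EXT_DATA = 2**16 - 1   # most data one extension can carry (2-byte length field)
PQ_KEY_EXT = 0xFA00        # placeholder number, not an assigned extension type

def encode_fragments(ext_type, value):
    """Split value across as many same-numbered extensions as needed."""
    out = bytearray()
    for off in range(0, max(len(value), 1), MAX_EXT_DATA):
        chunk = value[off:off + MAX_EXT_DATA]
        out += struct.pack("!HH", ext_type, len(chunk)) + chunk
    return bytes(out)

def parse_concatenating(buf, max_total=2**21):
    """Parse (type, length, data) entries, concatenating values that share a type.

    max_total bounds each reassembled value so a peer cannot force unbounded
    buffering by repeating one extension (the limit itself is an assumption).
    """
    values = {}
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 4:
            raise ValueError("truncated extension header")
        ext_type, length = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if length > len(buf) - pos:
            raise ValueError("extension length exceeds remaining data")
        acc = values.setdefault(ext_type, bytearray())
        if len(acc) + length > max_total:
            raise ValueError("reassembled extension %d too large" % ext_type)
        acc += buf[pos:pos + length]
        pos += length
    return {t: bytes(v) for t, v in values.items()}

if __name__ == "__main__":
    # Constructed 2^20-byte stand-in for a large public key.
    key = bytes(range(256)) * 4096
    wire = encode_fragments(PQ_KEY_EXT, key)
    print(len(wire), parse_concatenating(wire)[PQ_KEY_EXT] == key)
```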
