On Fri, Nov 13, 2015 at 12:12 AM, Bingzheng Wu < bingzheng....@alibaba-inc.com> wrote:
> Hi All, > > Without the Negotiated Groups extension, > > Case 1: if the server accepts the Groups in ClientHello.keyshare, it just > use one of the Groups for DH, and CertificateVerify for both sides. > > Case 2: else it responses an HelloRetryRequest message, which takes *all > Groups* that the server supports. Client picks one and continue. > No. In case 2, the client indicates the groups it supports and the server tells it which group to use. -Ekr > > I think Case 1 always happens in real world, and Negotiated Groups > extension is then useless. > So removing it will simplify the protocol and save some bytes, without > bring any disadvantage. > > Do I miss anything? Does this extension exist for compatible with > elliptic_curves? > > Wu > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
