On Sun, Nov 15, 2015 at 12:28 AM, Bingzheng Wu <bingzheng....@alibaba-inc.com> wrote:

> >> Without the Negotiated Groups extension,
> >>
> >> Case 1: if the server accepts the Groups in ClientHello.keyshare, it
> >> just uses one of the Groups for DH, and CertificateVerify for both sides.
> >>
> >> Case 2: else it responds with a HelloRetryRequest message, which takes
> >> *all Groups* that the server supports. Client picks one and continues.
>
>
> > No. In case 2, the client indicates the groups it supports and the server
> > tells it which group to use.
>
> So, could the HelloRetryRequest be changed to indicate *all Groups*?
>

No, I don't think that would be a good idea.



> If so, could the Negotiated Groups extension be removed?
>

No.

-Ekr
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
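
The negotiation described in the reply above, as an added example that is not part of the original message or of any TLS implementation: the server either uses a key share the client already sent, or answers with a HelloRetryRequest naming the single group it selected from the client's list. The group names, the server preference order and both function names are assumptions made for illustration; the client-side check follows the rule in the final TLS 1.3 specification (RFC 8446).

```python
# Added illustration; hypothetical names, not code from the thread.
# Assumed server preference order, most preferred first.
SERVER_GROUPS = ["x25519", "secp256r1", "ffdhe2048"]


def server_select(client_groups, client_key_shares, server_groups=SERVER_GROUPS):
    """Model the server's decision on a ClientHello.

    client_groups     -- groups the client says it supports
    client_key_shares -- groups for which the ClientHello carries a key share
    Returns (action, group).
    """
    # Only shares for groups the client also advertised are considered.
    offered = [g for g in client_key_shares if g in client_groups]
    # Case 1: a key share is already acceptable, so no extra round trip.
    for g in server_groups:
        if g in offered:
            return ("server_hello", g)
    # Case 2: no usable share. The server picks ONE mutually supported
    # group and names it in the HelloRetryRequest.
    for g in server_groups:
        if g in client_groups:
            return ("hello_retry_request", g)
    # No group in common at all.
    return ("handshake_failure", None)


def client_accepts_retry(client_groups, client_key_shares, retry_group):
    """Client-side sanity check on the group named in a HelloRetryRequest.

    The group must be one the client offered, and must not be one it
    already sent a key share for (otherwise the retry is pointless).
    """
    return retry_group in client_groups and retry_group not in client_key_shares


if __name__ == "__main__":
    # Constructed sample ClientHello: supports two groups, share for one.
    groups, shares = ["secp384r1", "secp256r1"], ["secp384r1"]
    action, group = server_select(groups, shares)
    print(action, group, client_accepts_retry(groups, shares, group))
```
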
