> > > > I think that specifying *both* in preference order, and recommending > > > the servers to first inspect key shares and then supported_groups > > > (if no intersect between what server supports and what key shares > > > client provided) would end up with more predictable behaviour and > > > cleaner code. > > > > > But if the orders are not consistent, the logic get annoyed. It's a > > good > > practice to keep the order consistent, but it would be better if the > > preference order is unique and specified in one place. > > that means that the code needs to keep references to two arrays at the > same time and either create a hash table for lookups in key shares or > iterate over key shares for every try - this makes code and logic more > complex, not less > I did not get the idea, can the complex above be avoided if keeping both? Does one preference order just get ignored?
If the orders are not consistent, if I can choose from two options: continue or alter, I would choose the continue option. Alert message is expensive in practice. Anyway, minor question, not a big concern to me. Thanks & Regards, Xuelei
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
