Greetings. it's unclear to me how is the shared secret g^xy calculated for groups in https://tools.ietf.org/html/rfc7919 .
If you recall, the TLS 1.1 uses this method the https://tools.ietf.org/html/rfc4346#section-8.1.2 , causing some interoperability problems that are hard to fix. The RFC 7919 doesn't specify what to do here. So, the question is, assuming that ffdhe2048 is negotiated, - is g^xy padded to 256 bytes (more sound method) or - the leading zero bytes of g^xy must be stripped (legacy method, used for historic reasons)? Thank you. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
