Hiya,
On 01/04/2021 19:24, Stephen Farrell wrote:
some guidance on checking your front-end's choice of curves and failing when some of the HRR cases get out of whack
Actually it occurs to me that we could for example say that back-ends are RECOMMENDED to support the first curve listed in ECHConfig for both ECH and the TLS h/s and then also RECOMMEND that clients include a key share for that curve as well. With that, it might be acceptable to not use HRR (but fail) if the inner CH has no key shares that the back-end can handle. Things like that might reduce the number of HRR cases we need to handle via new protocol mechanisms.

S.
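The back-end check sketched above, as an added example that is not part of the thread or of any ECH implementation: it parses the inner ClientHello's key_share extension and applies the proposed rule (back-end supports the first curve from ECHConfig; fail rather than send HRR when no usable share is present). It assumes the ECHConfig KEMs are represented as the matching TLS named-group code points and uses constructed, non-cryptographic key bytes.

```python
import struct

# TLS named-group code points (RFC 8446, section 4.2.7)
X25519, SECP256R1, SECP384R1 = 0x001D, 0x0017, 0x0018

def parse_key_share_groups(ext_body: bytes) -> list:
    """Return the named groups offered in a ClientHello key_share extension body.

    Wire layout (RFC 8446, section 4.2.8): uint16 total length, then
    KeyShareEntry records of uint16 group, uint16 key_exchange length, opaque key_exchange.
    """
    if len(ext_body) < 2:
        raise ValueError("truncated key_share extension")
    (total,) = struct.unpack("!H", ext_body[:2])
    body = ext_body[2:]
    if total != len(body):
        raise ValueError("key_share length field does not match body")
    groups, pos = [], 0
    while pos < len(body):
        if pos + 4 > len(body):
            raise ValueError("truncated KeyShareEntry header")
        group, klen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        if pos + klen > len(body):
            raise ValueError("truncated key_exchange field")
        if group in groups:
            raise ValueError("duplicate group in key_share")  # forbidden by RFC 8446
        groups.append(group)
        pos += klen
    return groups

def backend_decision(echconfig_groups, backend_groups, inner_key_share_ext):
    """Apply the proposed rule to an inner ClientHello.

    echconfig_groups: ordered groups advertised via ECHConfig (first = preferred, assumed mapping)
    backend_groups:   groups the back-end can actually complete a handshake with
    Returns ("proceed", group), ("fail", None) instead of HRR, or ("misconfigured", None)
    when the back-end does not honour the RECOMMENDED first-curve invariant.
    """
    preferred = echconfig_groups[0]
    if preferred not in backend_groups:
        return ("misconfigured", None)  # deployment error, not an HRR case
    offered = parse_key_share_groups(inner_key_share_ext)
    if preferred in offered:
        return ("proceed", preferred)
    usable = [g for g in offered if g in backend_groups]
    return ("proceed", usable[0]) if usable else ("fail", None)

def build_key_share(entries):
    """Encode [(group, key_bytes), ...] as a key_share extension body (test helper)."""
    body = b"".join(struct.pack("!HH", g, len(k)) + k for g, k in entries)
    return struct.pack("!H", len(body)) + body

# Constructed sample: inner CH offering X25519 and secp256r1 with dummy key material
SAMPLE_EXT = build_key_share([(X25519, b"\x01" * 32), (SECP256R1, b"\x04" + b"\x02" * 64)])
```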
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls