On Jan 22, 2022, at 06:35, Nimrod Aviram <nimrod.avi...@gmail.com> wrote: > > > The nice thing about the hybrid draft is that it isn't a firm commitment to > > any particular combination method. > > It only suggests a method. > > That's not my understanding. My reading is that the draft prescribes a > combination method, and if adopted and standardized, it would be > concatenation, for all group combinations. > Do you envision a scenario where a different combination method is > standardized? If so, could you please elaborate how this would come to pass - > perhaps as a revision of the eventual hybrid standard? > Douglas, could you please chime in regarding this issue? If standardized, do > you envision changing/adding combination methods?
I agree with Nimrod's understanding: as it stands now, I think the hybrid draft does not commit to any particular *combination* of groups, but the draft does commit to a particular *combination method*, namely concatenation of individual shared secrets, with the concatenation then used directly in the existing TLS 1.3 key schedule. This certainly wouldn't preclude an alternative being proposed at a later date, but that would be in a new document. Douglas _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
