On Fri, May 19, 2023 at 06:57:09PM +0100, Kris Kwiatkowski wrote: > Hello, > > The codepoint for P-256+Kyber768 has been just assigned by IANA. The value > is 0x639A. > Thanks Rich for pointing to the request form.
I get off-by-one for the sizes of key shares. The given size of client key share seems to be size of kyber public key plus 64 bytes, and given size of server key share seems to be the size of kyber ciphertext plus 64 bytes. However, the difference is stated to be UncompressedPointRepresentation for P256 from TLS 1.3. AFACIT, that is 65 bytes (1 legacy_form byte, 32 bytes for x, 32 bytes for y). So I get that the client share should be 1249 bytes (instead of 1248 bytes) and the server key share should be 1153 bytes (instead of 1152 bytes). Obviously something is wrong somewhere, but where? -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
