Nick Harper <i...@nharper.org> writes:

>I see no requirement in section 9 nor in section 4.2.8 requiring MTI curves
>be present in the key_share extension if that extension is non-empty.

Just because it's possible to rules-lawyer your way around something doesn't make it valid (I also see nothing in the spec saying a TLS 1.3 implementation can't reformat your hard drive, for example, so presumably that's OK too). The point is that P256 is a MTI algorithm and Chrome doesn't provide any MTI keyex in its client hello, making it a noncompliant TLS 1.3 implementation.

Peter.
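An added example, not part of either post: a small parser that reports separately whether secp256r1 appears in a ClientHello's supported_groups list and in its key_share entries, the two places the exchange above distinguishes. The extension block is constructed sample data, not a capture of any browser's ClientHello, and the function names are illustrative; the extension types and group code points are those of RFC 8446.

```python
import struct

SUPPORTED_GROUPS, KEY_SHARE = 10, 51   # extension types (RFC 8446)
SECP256R1, X25519 = 0x0017, 0x001D     # NamedGroup code points

def ext(etype, body):
    return struct.pack("!HH", etype, len(body)) + body

def parse_extensions(buf):
    """Split a ClientHello extensions block into {type: body}."""
    exts, off = {}, 0
    while off < len(buf):
        etype, elen = struct.unpack_from("!HH", buf, off)
        body = buf[off + 4:off + 4 + elen]
        if len(body) != elen:
            raise ValueError("extension body overruns block")
        exts[etype] = body
        off += 4 + elen
    return exts

def supported_groups(body):
    (n,) = struct.unpack_from("!H", body, 0)
    if n != len(body) - 2 or n % 2:
        raise ValueError("bad named_group_list length")
    return list(struct.unpack_from("!%dH" % (n // 2), body, 2))

def key_share_groups(body):
    # client_shares: 2-byte length, then (group, key_exchange<1..2^16-1>) entries
    (n,) = struct.unpack_from("!H", body, 0)
    if n != len(body) - 2:
        raise ValueError("bad client_shares length")
    groups, off = [], 2
    while off < len(body):
        group, klen = struct.unpack_from("!HH", body, off)
        off += 4 + klen
        if off > len(body):
            raise ValueError("key_exchange overruns client_shares")
        groups.append(group)
    return groups

def p256_offer(ext_block):
    exts = parse_extensions(ext_block)
    sg = supported_groups(exts.get(SUPPORTED_GROUPS, b"\x00\x00"))
    ks = key_share_groups(exts.get(KEY_SHARE, b"\x00\x00"))
    return {"in_supported_groups": SECP256R1 in sg, "in_key_share": SECP256R1 in ks}

# Constructed sample: P-256 listed as supported, but only an X25519 share sent.
share = struct.pack("!HH", X25519, 32) + bytes(32)
SAMPLE = (ext(SUPPORTED_GROUPS, struct.pack("!HHH", 4, X25519, SECP256R1))
          + ext(KEY_SHARE, struct.pack("!H", len(share)) + share))
```

For the constructed sample, `p256_offer(SAMPLE)` reports P-256 as present in supported_groups and absent from key_share.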