On Mon, Mar 24, 2025 at 8:34 AM Christopher Patton <cpat...@cloudflare.com> wrote:
> Hi EKR, > > >> I agree we shouldn't *disable* key_share, but it seems like the right >> answer here is to instead combine the PAKE output with the existing key >> establishment. >> > > I probably just missed this in the discussion, but what would be the > advantage of combining PAKE with the existing key exchange? > 1. Getting PQ resistance for free even with non-PQ PAKEs. 2. Reducing the combinatoric explosion of "groups" -Ekr > I'm not necessarily opposed. My main motivation is to reduce some > complexity in the draft. > > Chris P. >
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
