HRR is a pretty simple message to implement. Including it in a ServerHello would complexify the protocol without much gain imo.
I also think that forcing a client to use one of the curves is not a good idea either. Who is going to agree on what curve it should be here :) ? Probably browsers and server implementations will end up agreeing on the same set anyway. And client/server controlled infrastructures can enforce that to avoid using HRR as well.

David
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
