I don't understand this text. In this context, supported_groups is not optional.

The client includes the "tls_cert_with_extern_psk" extension in the ClientHello message. The "tls_cert_with_extern_psk" extension MUST be accompanied by the "key_share", "psk_key_exchange_modes", and "pre_shared_key" extensions. The client MAY also find it useful to include the "supported_groups" extension. Since the

But if you send "key_share" you need to send "supported_groups" because TLS 1.3 requires that the group be selected out of "supported_groups".

-Ekr

On Tue, Sep 2, 2025 at 12:07 PM Russ Housley <hous...@vigilsec.com> wrote:

> Mike:
>
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > Section 4: "MAY also find it useful" means that the client is permitted, but
> > not required, to find the extension useful. Is that the intended sense? I'd
> > suggest that this is a lowercase "may" or better yet "might".
>
> Suggestion:
>
> The client MAY also include the "supported_groups" extension.
>
> Russ
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-le...@ietf.org
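The dependency discussed in this thread can be checked mechanically on a ClientHello extensions block. The following is an added example, not code from the thread, the draft, or any TLS library: the function names and sample bytes are constructed for illustration, and the extension codepoints are taken from the IANA TLS ExtensionType registry rather than from the messages above.

```python
import struct

# ExtensionType codepoints from the IANA TLS registry (not quoted in the thread).
SUPPORTED_GROUPS, CERT_WITH_EXTERN_PSK, PRE_SHARED_KEY, PSK_KEX_MODES, KEY_SHARE = 10, 33, 41, 45, 51
REQUIRED = {KEY_SHARE: "key_share", PSK_KEX_MODES: "psk_key_exchange_modes", PRE_SHARED_KEY: "pre_shared_key"}

def parse_extensions(block):
    """Split a ClientHello extensions block (length prefix removed) into {type: data}."""
    exts, off = {}, 0
    while off < len(block):
        etype, elen = struct.unpack_from("!HH", block, off)  # struct.error if header is cut
        if off + 4 + elen > len(block):
            raise ValueError("truncated extension body")
        exts[etype] = block[off + 4:off + 4 + elen]
        off += 4 + elen
    return exts

def key_share_groups(data):
    """Return the NamedGroup of each KeyShareEntry in a ClientHello key_share."""
    (total,) = struct.unpack_from("!H", data, 0)
    groups, off = [], 2
    while off < 2 + total:
        group, klen = struct.unpack_from("!HH", data, off)
        groups.append(group)
        off += 4 + klen
    return groups

def check_client_hello(block):
    """Return a list of violations; an empty list means the extensions are consistent."""
    exts, problems = parse_extensions(block), []
    if CERT_WITH_EXTERN_PSK in exts:
        problems += ["tls_cert_with_extern_psk without " + name
                     for etype, name in REQUIRED.items() if etype not in exts]
    if KEY_SHARE in exts and SUPPORTED_GROUPS not in exts:
        problems.append("key_share without supported_groups")
    elif KEY_SHARE in exts:
        sg = exts[SUPPORTED_GROUPS]  # 2-byte length, then uint16 NamedGroup values
        offered = set(struct.unpack_from("!%dH" % (struct.unpack_from("!H", sg)[0] // 2), sg, 2))
        problems += ["key_share group 0x%04x not in supported_groups" % g
                     for g in key_share_groups(exts[KEY_SHARE]) if g not in offered]
    return problems

def ext(etype, data=b""):  # encode one extension for the constructed samples
    return struct.pack("!HH", etype, len(data)) + data

# Constructed samples: one x25519 (0x001d) share of 32 zero bytes; PSK bodies left empty.
BASE = (ext(CERT_WITH_EXTERN_PSK) + ext(KEY_SHARE, struct.pack("!HHH", 36, 0x001D, 32) + bytes(32))
        + ext(PSK_KEX_MODES) + ext(PRE_SHARED_KEY))
GROUPS_OK = ext(SUPPORTED_GROUPS, struct.pack("!HHH", 4, 0x001D, 0x0017))
```

`check_client_hello(BASE)` reports the missing "supported_groups", while `check_client_hello(GROUPS_OK + BASE)` returns an empty list.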