Per the discussion in today's meeting. ISTM that the main intent is to entirely preclude the use of PQ with TLS 1.2. In that case, I think we should probably say:
- Clients MUST NOT advertise these code points unless they are advertising TLS 1.2 as well as TLS 1.3.
- Servers MUST NOT advertise these code points unless they have negotiated TLS 1.3 or above.
- If TLS 1.2 is negotiated, servers MUST NOT send certificates which are signed by or contain keys using these algorithms.

-Ekr
