* If the client sends an X25519MLKEM768 key share and the server * responds with an X25519 key share, wouldn’t the client just reject * it because it’s for a different group?
Yes of course. So for now the x25519 share would be repeated. I’d like to know why that seems like a bad idea. cTLS could elide the dupication if we want :)
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
