On 6/25/26, 8:52 AM, "Bas Westerbaan" <[email protected]> 
wrote:

  *
The expanded decapsulation key caches the hash of the encapsulation key. The 
decapsulation key check is whether that hash is correct. FIPS 203 only requires 
that check if the key is from an untrusted source. In the case of TLS, you 
generate the key yourself earlier, so you know the hash is correct.

If someone like MT was confused, then perhaps this text should be in the draft 
somewhere?
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to