On 6/25/26, 8:52 AM, "Bas Westerbaan" <[email protected]> wrote:
* The expanded decapsulation key caches the hash of the encapsulation key. The decapsulation key check is whether that hash is correct. FIPS 203 only requires that check if the key is from an untrusted source. In the case of TLS, you generate the key yourself earlier, so you know the hash is correct. If someone like MT was confused, then perhaps this text should be in the draft somewhere?
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
