I'd be happy for the checks to be removed.

On Fri, Jun 26, 2026 at 5:03 AM Martin Thomson <[email protected]> wrote:

> On Fri, Jun 26, 2026, at 12:47, David Benjamin wrote:
> >> 2. (Decapsulation key type check) If dk is not a byte array of length
> 768𝑘+96 for the value of
> >> 𝑘 specified by the relevant parameter set, then input checking has
> failed.
> >
> > This is the *length of the private key*. That is (hehe) checking what
> > you generated. It is *not* what you received from the other side.
>
> I see, thanks for the explanation.  I sort of assumed that FIPS 203
> wouldn't be THAT silly.  Bad assumption on my part.
>
> Given that any checking that exists is already implied by an invocation of
> Encaps/Decaps, would it be acceptable to simply remove the explicit pointer
> to the checks?
>
> I've suggested that on the PR:
> https://github.com/tlswg/draft-ietf-tls-mlkem/pull/25/changes#r3478889869
>
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to