Tighten and clarify KeyShareEntry ordering. #643
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The text already says that both supported_groups and key_shares are in
order of "client preference". Supposing "client preference" is a
well-defined notion, we are already requiring the order match.
The SHOULD was also unclear on whether the list may be a general
subsequence. Clarify that this is allowed. This may be useful if, say,
we define some very large NamedGroup (post-quantum?) in the future that
is still preferable over the existing options. Clients would likely wish
to NOT offer it initially because it would be a waste of bandwidth for
the vast majority of servers which don't support it. (Not to mention
intolerance problems.)
In that scenario, a client would likely not predict a key_share by
default and instead use some kind of server info cache (either caching
what the server chose or using the full server supported_groups list).
But that client would still wish to advertise the new group first.