tlswg / tls13-spec

TLS 1.3 Specification

Forbid the sender from sending duplicate supported groups entries. #1354

Closed bob-beck closed 2 months ago

bob-beck commented 4 months ago

Supported Groups is intimately tied to Key Share, where Key Share must be sent in the preference order specified by Supported Groups.

Duplicate Key Shares for a group are already forbidden from being sent, but allowing duplicates in Supported Groups makes this a bit muddled if supported groups is permitted to be, for example, ABA and the client sends key share B then A.

Now, nothing sane should actually be sending duplicate supported groups in a preference order, but it's still not forbidden to do so today. I'm suggesting we just not allow this so server side implementations can reject attempts to do so.
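A server-side check of the kind this comment proposes, as an added example that is not code from this PR or from any TLS implementation. It parses the `supported_groups` and `key_share` extension bodies, rejects duplicate groups, then applies the existing RFC 8446 Section 4.2.8 rules that key shares are unique and follow the supported-groups order. All function, class and constant names are hypothetical, and the sample bytes are constructed.

```python
import struct

class HandshakeError(ValueError):
    """Raised where a server would abort the handshake."""

def parse_supported_groups(ext: bytes) -> list[int]:
    # NamedGroupList: uint16 byte length, then uint16 NamedGroup entries.
    if len(ext) < 4 or len(ext) % 2 or struct.unpack_from("!H", ext)[0] != len(ext) - 2:
        raise HandshakeError("bad supported_groups length")
    groups = list(struct.unpack_from(f"!{len(ext) // 2 - 1}H", ext, 2))
    if len(set(groups)) != len(groups):
        # The rule proposed in this PR: duplicates are rejected.
        raise HandshakeError("duplicate group in supported_groups")
    return groups

def parse_key_share_groups(ext: bytes) -> list[int]:
    # KeyShareClientHello: uint16 byte length, then KeyShareEntry records
    # (uint16 group, uint16 key_exchange length, key_exchange bytes).
    if len(ext) < 2 or struct.unpack_from("!H", ext, 0)[0] != len(ext) - 2:
        raise HandshakeError("bad key_share length")
    pos, out = 2, []
    while pos < len(ext):
        if pos + 4 > len(ext):
            raise HandshakeError("truncated KeyShareEntry")
        group, klen = struct.unpack_from("!HH", ext, pos)
        pos += 4 + klen
        if klen == 0 or pos > len(ext):
            raise HandshakeError("bad key_exchange length")
        out.append(group)
    return out

def check_client_hello(sg_ext: bytes, ks_ext: bytes) -> list[int]:
    groups = parse_supported_groups(sg_ext)
    shares = parse_key_share_groups(ks_ext)
    if len(set(shares)) != len(shares):
        raise HandshakeError("duplicate key_share group")
    # With unique groups each share has exactly one rank, so the ordering
    # check is unambiguous (with an ABA list, share A would have two ranks).
    try:
        ranks = [groups.index(g) for g in shares]
    except ValueError:
        raise HandshakeError("key_share group not in supported_groups")
    if ranks != sorted(ranks):
        raise HandshakeError("key_share not in supported_groups order")
    return shares

# Constructed samples: the "ABA" list from the comment, and a unique list.
SG_ABA = bytes.fromhex("0006" "001d" "0017" "001d")  # x25519, secp256r1, x25519
SG_AB = bytes.fromhex("0004" "001d" "0017")
```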

ekr commented 4 months ago

This seems reasonable, but it's a normative change, so the chairs need to tell us how to proceed.

@seanturner @jsalowey @dconnolly

ekr commented 3 months ago

@seanturner @jsalowey @dconnolly do the chairs want to entertain this?

seanturner commented 2 months ago

@ekr this PR is ready to merge; see mail.