> On Nov 19, 2018, at 5:26 AM, Michael Richardson <mcr+ietf@xxxxxxxxxxxx> wrote:
>
> Can you give me an example of what you mean?
> (i.e. "Use "TLS MUST NOT in a sentence" :-)

Of course it can be done:

"Clients SHOULD detect repeated use of the same [EC]DH key share by a server, and MAY terminate TLS connections with alert Repeated-key-share detected when detecting this form of server misbehavior."

That belongs in the to-be-written RFC "ETSI extensions to TLS considered harmful". Of course, we may debate whether we want to publish such an RFC.

-- Christian Huitema
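
One way a client could implement the detection proposed in the message above, as an added example that is not part of the original e-mail or of any TLS library: remember a digest of each server's recent key shares and report when one reappears on a different connection. The class and function names, the cache bound, and the sample observations are assumptions made for illustration; what to do on a hit (the proposed text says the client MAY terminate) is left to the caller.

```python
import hashlib
from collections import OrderedDict


class KeyShareReuseDetector:
    """Per-server memory of recent ServerHello key shares (hypothetical helper)."""

    def __init__(self, max_per_server=64):
        self.max_per_server = max_per_server  # assumed bound; detection is best-effort
        self._seen = {}  # (host, port) -> OrderedDict{digest: first conn_id}

    def observe(self, host, port, group, key_exchange, conn_id):
        """Return the conn_id that first carried this share, or None if it is new."""
        # Store a fixed-size digest of group + public value, not the value itself.
        digest = hashlib.sha256(group.to_bytes(2, "big") + key_exchange).digest()
        history = self._seen.setdefault((host.lower(), port), OrderedDict())
        earlier = history.get(digest)
        if earlier is not None and earlier != conn_id:
            history.move_to_end(digest)  # keep a repeated share from aging out
            return earlier
        history[digest] = conn_id
        while len(history) > self.max_per_server:
            history.popitem(last=False)  # evict the oldest share
        return None


# Constructed observations: (host, port, NamedGroup, key_exchange bytes, conn_id).
# 0x001D is x25519; the 32-byte values are placeholders, not real public keys.
SAMPLE = [
    ("a.example", 443, 0x001D, bytes([1]) * 32, "c1"),
    ("a.example", 443, 0x001D, bytes([2]) * 32, "c2"),
    ("b.example", 443, 0x001D, bytes([1]) * 32, "c3"),  # different server: no hit
    ("A.Example", 443, 0x001D, bytes([1]) * 32, "c4"),  # same share as c1
]


def find_reuse(observations, detector=None):
    """Return (host, conn_id, earlier_conn_id) for every repeated key share."""
    detector = detector or KeyShareReuseDetector()
    findings = []
    for host, port, group, key_exchange, conn_id in observations:
        earlier = detector.observe(host, port, group, key_exchange, conn_id)
        if earlier is not None:
            findings.append((host.lower(), conn_id, earlier))
    return findings


if __name__ == "__main__":
    for host, conn, earlier in find_reuse(SAMPLE):
        print(f"{host}: key share on {conn} repeats the one seen on {earlier}")
```

Because the history is bounded, a share that has aged out of the cache is not reported when it reappears, so a hit is evidence of reuse but a miss is not proof of fresh keys.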