Exception for X25519MLKEM768 naming (#27)

post-quantum-cryptography · Dec 19, 2024 · 0197886 · 0197886
1 parent 5c011f1
commit 0197886
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/draft-kwiatkowski-tls-ecdhe-mlkem.md b/draft-kwiatkowski-tls-ecdhe-mlkem.md
@@ -109,6 +109,10 @@ of the scheme, which will remain more ubiqutous for secp256r1 in the coming year
 For this reason we put the ML-KEM shared secret first in X25519MLKEM768,
 and the ECDH shared secret first in SecP256r1MLKEM768 and SecP384r1MLKEM1024.
 
+Note: The group name X25519MLKEM768 does not adhere to the naming convention outlined in
+{{Section 3.2 of hybrid}}. Specifically, the order of shares in the concatenation has been
+reversed. This is due to historical reasons.
+
 ## Construction
 
 ### Client share