# Issues/PRs

- #336: PSK Injection, Group recovery, Re-Init, Sub-group Branching
  - Britta: Confidentiality heals because of PCS, but authentication doesn't.
    This can let us keep some state separate from confidentiality, that can be
    used to detect man-in-the-middle at any time in the past.
  - Richard: I don't see a lot of people using this, but I think it gives a
    completeness to the story around PCS, even if not everybody uses it.
- #337: Replace DKDF by n-PRF in key schedule
  - Richard: I think this is good, it solves awkwardness around the order in
    which things are included.
- #342: Allow external proposals to be signed.
  - Raphael: We need to spell out explicitly that all that can be sent with
    `new_member` SenderType are Adds.
  - Richard: This PR should keep the property that MLSPlaintextTBS is the same
    as MLSPlaintext with some prefix.
  - Brendan: It's not clear to me how external parties know the right
    ciphersuite to use.
  - Sean: It's something the application needs to keep track of. So, the correct
    ciphersuite would be distributed along with the group's id. We should add a
    section to the architecture document about what things the application needs
    to keep track of, and if different types of deployments have different
    feature sets. Assign to Benjamin.
- #343: Upper bound for Commit
  - Not controversial.
- #298: Varints
  - Brendan: This is specifying the wire encoding which we said we wouldn't do.
  - Richard: We have to specify the wire encoding, otherwise signatures won't
    verify / MLS won't be interoperable.