Merge pull request #1314 from emanjon/patch-23

(EC)DHE instead of EC(DHE)

draft-ietf-tls-rfc8446bis.md

@@ -5669,20 +5669,20 @@ Forward secrecy limits the effect of key leakage in one direction
 (compromise of a key at time T2 does not compromise some key at time
 T1 where T1 < T2). Protection in the other direction (compromise at
 time T1 does not compromise keys at time T2) can be achieved by
-rerunning EC(DHE). If a long-term authentication key has been
-compromised, a full handshake with EC(DHE) gives protection against
+rerunning (EC)DHE. If a long-term authentication key has been
+compromised, a full handshake with (EC)DHE gives protection against
 passive attackers. If the resumption_master_secret has been
-compromised, a resumption handshake with EC(DHE) gives protection
-against passive attackers and a full handshake with EC(DHE) gives
+compromised, a resumption handshake with (EC)DHE gives protection
+against passive attackers and a full handshake with (EC)DHE gives
 protection against active attackers. If a traffic secret has been
-compromised, any handshake with EC(DHE) gives protection against
+compromised, any handshake with (EC)DHE gives protection against
 active attackers. Using the terms in {{RFC7624}}, forward secrecy
-without rerunning EC(DHE) does not stop an attacker from doing static
+without rerunning (EC)DHE does not stop an attacker from doing static
 key exfiltration. After key exfiltration of
 application_traffic_secret_N, an attacker can e.g., passively
 eavesdrop on all future data sent on the connection including data
 encrypted with application_traffic_secret_N+1,
-application_traffic_secret_N+2, etc. Frequently rerunning EC(DHE)
+application_traffic_secret_N+2, etc. Frequently rerunning (EC)DHE
 forces an attacker to do dynamic key exfiltration (or content
 exfiltration).