text to address FIPS confusion (#56)

jsalowey · web-flow · commit 9d74d4b084d4 · 2025-11-17T06:10:04.000Z
diff --git a/draft-ietf-tls-ecdhe-mlkem.md b/draft-ietf-tls-ecdhe-mlkem.md
@@ -78,7 +78,8 @@ and specifies code points for the hybrid groups.
 # Motivation
 
 This document introduces three new supported groups for hybrid post-quantum key agreements in TLS 1.3: the X25519MLKEM768,
-SecP256r1MLKEM768, and SecP384r1MLKEM1024 which combine ML-KEM with ECDH in the manner of {{hybrid}}.
+SecP256r1MLKEM768, and SecP384r1MLKEM1024 which combine ML-KEM with ECDH in the manner of {{hybrid}}. Any of the hybrid groups
+specified in this document may be implemented in a FIPS approved way as discussed in {{discussion}}.
 
 * The first one uses X25519 {{rfc7748}}, is widely deployed, and often serves as the most practical choice for a single PQ/T hybrid combiner in TLS 1.3.
 
@@ -183,7 +184,7 @@ shared secret as described in {{Section 7.4.2 of !RFC8446}}, including the
 all-zero shared secret check for X25519, and abort the connection with an
 illegal_parameter alert if it fails.
 
-# Discussion
+# Discussion {#discussion}
 
 * **FIPS-compliance**. All groups defined in this document permit FIPS-approved key derivation as per {{NIST-SP-800-56C}}
 and {{NIST-SP-800-135}}. NIST's special publication 800-56Cr2 {{NIST-SP-800-56C}} approves the
