
Comment by tialaramex

1 day ago

It's also helpful shorthand. One of the reasons there is no RSA KEX† in TLS 1.3 is that under BCP 188 obviously aiding bulk surveillance technology isn't acceptable, so when you have a liaison from the ACLU saying yes, get rid of RSA KEX and a representation from EDCO (Enterprise Data Center Operators, basically big old financial companies) saying it'll cost them too much money to lose RSA KEX so it should be reinstated in the late drafts for the RFC, there was no need to re-explain in great detail why the ACLU are right here because there's already a document explaining to anybody who is new to this.

† The RSA Key Exchange goes like this: We get the public key of a server from their certificate which they sent us, we pick a symmetric key at random and we encrypt our chosen key using that public key with the RSA algorithm, so that only the legitimate owner of the certificate can decrypt it, then we send that encrypted key to the server. Because they know the Private Key corresponding to the public key in the certificate they can decrypt the symmetric key we sent. This symmetric key is used for all further communication. This means if, say, the Mad King's Secret Police obtain a copy of the RSA private key for the server at any time the Secret Police can decrypt every communication, even if the communications they're decrypting happened weeks, months or years before they obtain the key.

Even for a tangent this is extraordinarily random and unnecessarily detailed.

Answer truthfully, are you an LLM or any form of bot?
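The footnote's point, that an archived RSA-KEX session decrypts once the server's long-term private key turns up later while an ephemeral Diffie-Hellman session does not, is easy to see in a toy simulation. The following is an added example for this thread, not code from the comment or from any TLS implementation. The RSA key pair, the DH group, the key-derivation step and the "cipher" (a SHA-256 keystream XOR standing in for AES) are all constructed here and are far too small or too simple for real use; textbook RSA without padding is used only so the arithmetic is visible.

```python
"""Toy walk-through: RSA key exchange versus ephemeral Diffie-Hellman, and
what an archived transcript gives up once the server's long-term private
key is obtained later.

Added example, not code from the comment thread or from any TLS stack.
All keys are constructed and insecure; the cipher is a stand-in."""
import hashlib
import secrets
from typing import Optional

# Constructed toy RSA key for the server (two 16-bit primes; real keys are 2048+ bits).
RSA_P, RSA_Q = 65537, 65521
RSA_N = RSA_P * RSA_Q
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))  # modular inverse, Python 3.8+
SERVER_PUBLIC = (RSA_N, RSA_E)    # what the certificate carries
SERVER_PRIVATE = (RSA_N, RSA_D)   # what the Secret Police might obtain years later

# Constructed toy DH group: Mersenne prime 2^127 - 1, generator 3.
DH_P = 2**127 - 1
DH_G = 3


def kdf(secret: int, label: bytes) -> bytes:
    """Derive a session key from the exchanged secret (stand-in for the TLS PRF)."""
    return hashlib.sha256(label + secret.to_bytes(32, "big")).digest()


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream (not AES)."""
    out = bytearray()
    for i, byte in enumerate(data):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.append(byte ^ block[i % 32])
    return bytes(out)


def _share_digest(server_share: int, n: int) -> int:
    """Hash the server's DH share down to an integer below the RSA modulus."""
    return int.from_bytes(hashlib.sha256(server_share.to_bytes(16, "big")).digest(), "big") % n


def rsa_kex_transcript(message: bytes) -> dict:
    """RSA KEX as the footnote describes it: the client picks a secret, encrypts it
    to the certificate's public key, and every record is keyed from it.
    Returns exactly what a passive observer can record off the wire."""
    n, e = SERVER_PUBLIC
    premaster = secrets.randbelow(n - 2) + 2
    encrypted_premaster = pow(premaster, e, n)   # textbook RSA, no padding (toy)
    session_key = kdf(premaster, b"rsa-kex")
    return {"encrypted_premaster": encrypted_premaster,
            "record": stream_xor(session_key, message)}


def dhe_transcript(message: bytes) -> dict:
    """Ephemeral DH: the long-term RSA key only signs the server's share.
    The exponents a and b exist only inside this call and are then discarded."""
    n, d = SERVER_PRIVATE
    a = secrets.randbelow(DH_P - 2) + 1
    b = secrets.randbelow(DH_P - 2) + 1
    client_share = pow(DH_G, a, DH_P)
    server_share = pow(DH_G, b, DH_P)
    signature = pow(_share_digest(server_share, n), d, n)   # textbook RSA signature (toy)
    shared = pow(client_share, b, DH_P)
    assert shared == pow(server_share, a, DH_P)
    session_key = kdf(shared, b"dhe")
    return {"client_share": client_share, "server_share": server_share,
            "signature": signature, "record": stream_xor(session_key, message)}


def replay_with_leaked_key(transcript: dict, private_key: tuple) -> Optional[bytes]:
    """What an archived transcript plus the later-obtained private key yields.
    RSA KEX: the premaster is recoverable, so the whole record decrypts.
    DHE: the key verifies the signature on the share, but no exponent was
    ever sent, so the session key cannot be rebuilt; returns None."""
    n, d = private_key
    if "encrypted_premaster" in transcript:
        premaster = pow(transcript["encrypted_premaster"], d, n)
        return stream_xor(kdf(premaster, b"rsa-kex"), transcript["record"])
    # DHE transcript: only the public shares and a signature were captured.
    assert pow(transcript["signature"], RSA_E, n) == _share_digest(transcript["server_share"], n)
    return None   # authentic session, yet nothing to decrypt it with


if __name__ == "__main__":
    secret_msg = b"constructed sample message"
    archived_rsa = rsa_kex_transcript(secret_msg)
    archived_dhe = dhe_transcript(secret_msg)
    print("RSA KEX after key leak:", replay_with_leaked_key(archived_rsa, SERVER_PRIVATE))
    print("DHE after key leak:    ", replay_with_leaked_key(archived_dhe, SERVER_PRIVATE))
```

The two transcript functions return only what crosses the wire, which is what matters for the "record now, decrypt later" risk: the RSA transcript contains the encrypted premaster, and the private key that decrypts it is the same key the server uses every day, so its compromise at any future date unlocks the whole archive. The DHE transcript contains shares and a signature; the same leaked key still verifies the signature, showing its role was authentication only, and the discarded exponents are what make the archived record worthless.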