I am aware that Openssl has support for external PSK. The Selfie attack was demonstrated using this Openssl implementation: https://eprint.iacr.org/2019/347
However, the github issue you posted is still helpful. If I understand the resolution of this issue: Openssl will first check for a valid external PSK before checking for resumption PSKs. I think we can include EAP-TLS-PSK without major changes to the current document. I only want to ensure that EAP-TLS-PSK does not leave any implementation ambiguities. --Mohit On 10/10/19 7:18 PM, John Mattsson wrote: > Mohit Sethi M mailto:mohit.m.se...@ericsson.com wrote: > >> Can you give an example of an existing TLS 1.3 deployment that offers both >> resumption PSKs and external PSKs? > Don’t know if it is deployed anywhere, but OpenSSL supports resumption of PSK > sessions. There was a bug that stopped it from working that was patched 12 > months ago. > https://github.com/openssl/openssl/issues/7433 > > > _______________________________________________ > Emu mailing list > Emu@ietf.org > https://www.ietf.org/mailman/listinfo/emu _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
