Hi, I made several updates to the text based on your comments.

My earlier comments on the early ticket were wrong; it is not a bug. The ticket in OpenSSL is still valid, but the server cannot calculate the PSK before it has received the client Finished. All message flows are correct. There is no single way that TLS 1.3 works. It is completely up to the implementation. The server can send 0 or 20 tickets. It can send them together with the server Finished, or in one or more separate flights.

I updated the draft to make it clear that all the message flows are examples. Some of the figure texts appeared as if there was only one way the message flow could look, which is basically never the case in TLS 1.3.

I removed the text in the draft on pre-computation of PSK. That is covered in RFC 8446.

I added text stating that the NewSessionTicket can be sent with the server Finished or later so that does not come as a surprise.

I updated the resumption to send the NewSessionTicket together with Finished. The draft now gives examples of NewSessionTicket in the first server flight and NewSessionTicket in the second server flight.

Cheers,
John

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu