Top posting so that others on the list can chime in.
While discussing the privacy implications of external PSK identities, Jim
Schaad in his email below recommends that we could describe techniques for
importing external PSK identities (that may be typed in by the user). He
suggests that we cou
Hi everyone,
A few thoughts on draft-ietf-tls-external-psk-guidance-00:
Isn’t the rerouting attack described in Section 4 not possible if "A" uses the
SNI extension and "C" aborts the connection on mismatch? If so, it might be
worth mentioning that as a potential mitigation (as the Selfie paper
