On Sat, Jul 25, 2015 at 02:53:17PM -0400, Dave Garrett wrote:
> 3) Just to state the obvious: If a client is going to do PSK resumption
> with a non-PFS suite, it needs to offer a non-PFS suite.
Forward-secrecy is not about doing or not doing DHE/ECDHE those
are just means to an end. Forward-secrecy is about retaining
confidentiality of past traffic even when long-term secrets (for
TLS server private keys) are later disclosed.
With that in mind, resumption without DHE/ECDHE has the same
forward-secrecy as the original session. The session master secret
is not a "long-term" secret.
> Even if it's not
> really going to be negotiated for anything else, I don't really like the
> feel of this. I think it'd also be cleaner if the offered suites didn't
> have to change for resumption.
Perhaps I am missing something, but I see no reason for the offered
ciphersuites to change.
--
Viktor.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
