Hi Ekr, Hi all, I am not entirely sure about the PSK story in TLS 1.3.
In Section 6.2.3 I read that the PSK approach has been combined with resumption. Appendix A4 lists the defined ciphersuites but there is no PSK-based ciphersuite in that list. Section 6.3.1.2 explains that the ServerHello message handling: " The server will send this message in response to a ClientHello message when it was able to find an acceptable set of algorithms and the client’s “key_share” extension was acceptable. If the client proposed groups are not acceptable by the server, it will respond with a “handshake_failure” fatal ale " What this text should be saying is that the response from the server depends on the selected ciphersuite. Implicitly you are saying that in another part of the document, namely in Section 8.2 "MTI Extensions". Ciao Hannes
signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
