Hi Ekr,

> > The only way to do 0-RTT would be with a PSK (in both PSK and
> > PSK-(EC)DHE modes).
>
> I see. This is, of course, a bit unfortunate.
>
>
> Can you expand on why? The general sense of the discussion was that they
> offered similar properties.
>

The PSK-ECDHE mode is less useful for the IoT space because you get the
overhead of the public key crypto without actually most of the benefits.
If you already go that step then I would recommend to use raw public
keys instead.

But since you clarified the question about the use of out-of-band
provisioned PSKs below it just means that someone using public key-based
authentication will have more roundtrips (compared to the PSK case).

>
>
> > However, this would include PSKs established via a previous session,
> > i.e., resumption-PSK.
>
> Only established in previous sessions or also distributed out-of-band
> (as it would be done with PSKs normally). The way you phrased it sounds
> like you want to exclude the out-of-band case and I wonder why.
>
>
> No, the out-of-band case is fine.

Ok. Good.

>
> -Ekr

Ciao
Hannes
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls