On 29 April 2016 at 06:43, Eric Rescorla <e...@rtfm.com> wrote: >> - You might want to specify that allow_dhe_resumption doesn't >> change key exchange, only authentication (so DHE_CERT becomes >> DHE_PSK and ECDHE_CERT becomes ECDHE_PSK). > > > I'm not sure I follow. It changes key exchange. If we want to have > a resumption mode that has the server sign, we'll need a different > indicator here.
There is a separate issue that would have the client able to request that the server provide a certificate/certificateverify in resumption handshakes. For that, we might add a allow_cert_resumption flag. But we would do that separately. (Regarding that, if we use cached-info on that resumption, which is probably a good idea overall, then that extension will differ between handshakes.) _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
