What is the rationale for restricting a change in certificate? If the server has a new certificate that the client would accept with a full handshake, what threat is added by also accepting that certificate with a PSK handshake?
Requiring the certificate to remain the same will make rollout of a new certificate more challenging (even with longer-lived certificates), particularly on distributed servers where the update is not immediate fleet-wide. It will also add noise to metrics when rolling out a new certificate when ideally you want everything relatively constant (to be confident the new certificate is working properly). Kyle -----Original Message----- From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Martin Thomson Sent: Tuesday, May 24, 2016 5:00 PM To: Ilari Liusvaara <ilariliusva...@welho.com> Cc: tls@ietf.org Subject: Re: [TLS] Asking for certificate authentication when doing 0-RTT On 20 May 2016 at 12:41, Ilari Liusvaara <ilariliusva...@welho.com> wrote: > On Wed, May 18, 2016 at 10:10:29AM -0400, Martin Thomson wrote: >> I just posted this: >> >> https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf >> .org_doc_draft-2Dthomson-2Dtls-2D0rtt-2Dand-2Dcerts_&d=CwICAg&c=5VD0R >> TtNlTh3ycd41b3MUw&r=l2j4BjkO0Lc3u4CH2z7jPw&m=cJNWhprXjoJ1zN66VdIpTtqs >> s54Z2N5U0l61Yj7RL_I&s=hd6AtOpOp_1ULpSo_TRrpuxmTwQKZrjr6oz0Tm0hASs&e= >> >> It's fairly self explanatory. The idea is to create a way to signal >> that the client wants the server to re-authenticate itself, even if >> it successful in using a pre-shared key. > > - How is the capability signaled? New flag bits in session ticket > for these ciphersuites? I just uploaded -01 that corrects this oversight. I have raised https://github.com/martinthomson/tls-0rtt-and-certs/issues/1 which tracks whether certificates might change. _______________________________________________ TLS mailing list TLS@ietf.org https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_tls&d=CwICAg&c=5VD0RTtNlTh3ycd41b3MUw&r=l2j4BjkO0Lc3u4CH2z7jPw&m=cJNWhprXjoJ1zN66VdIpTtqss54Z2N5U0l61Yj7RL_I&s=2divOhlUGndixU6HSAFfmzyMt_Ufkc58GwbPbrg19GM&e= _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
