On 08/17/2016 05:17 PM, Eric Rescorla wrote:
> It would be a fairly significant simplification to say you could only
> have one PSK, because then we could easily require the client to prove
> knowledge of the key, for instance by stuffing a MAC at the end of the
> ClientHello as we discussed in Berlin.
>
> So:
> Is there any demand for multiple identities? I do not believe there is
> any in the Web context. If not, we should remove this feature.
>

Then at PSK rollover time, clients are expected to fall back to a new
TLS connection using the other PSK?

-Ben
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
