On 9 September 2016 at 23:37, Hannes Tschofenig <hannes.tschofe...@gmx.net> wrote: > I am wondering why I cannot use Zero-RTT with just PSK-based authentication > (without a prior ticket change).
I think that you would need to bind more things to the key in that case, but I assume that it would be OK if you did so. You already need to pair a PSK with a hash, but if you paired it with a whole cipher suite instead and also the ALPN (which could be null), then I see no reason not to permit 0-RTT for pure PSK. (I think that cipher suite + ALPN is sufficient, but someone can correct me if I missed anything.) _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
