Folks, I have just posted draft-ietf-tls-tls13-18.
The only wire format change from -17 is that I removed the extra key derivation stage computing resumption_psk from RMS. This was a holdover from when we also had a resumption context. Now PSK for connection N+1 = RMS from connection N. Thanks to Kazuho for suggesting this simplification. This draft also makes a number of minor editorial changes that should make for easier reading. The two remaining open technical issues I am aware of are both requirements issues: 1. Can you resume with a different SNI than the one that the connection was initiated with [current answer is "no"]? 2. Do you need an application profile to do post-handshake client auth [current answer is "no"]? There has been a bunch of discussion of these on the list but no consensus declarations from the chairs. These are easy to change in the draft once the chairs make the call. As always, comments welcome. -Ekr P.S. NSS will be skipping draft-17 and going right to -18. This should happen before Seoul.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
