Hi Russ,

On 01/04/2017 03:17 PM, Russ Housley wrote:
> Ben:
>
>> I also had the sense that ekr noted that we didn't want to do this in
>> the core spec.
>> So, could you point me more clearly at what you would want to change
>> in the core spec that would allow doing the thing you want to see
>> done in a future document? (Is it just removing "i.e., when a PSK is
>> not in use"?)
>>
>
> I am not looking to put the details in the core spec. I think I said
> that in my first posting. However, I do want to ensure that the
> identity associated with the external PSK and the certificate are both
> considered. There needs to be a hook in the core spec for that to happen.
>

I understand that.

> I quoted the part of the core spec that seems to say otherwise.
>

What I don't understand is exactly which part or parts in combination of
the quoted text are saying otherwise, in your reading of it. I offered
a potential part of the quoted text which might be leading you to that
interpretation (the "i.e., when a PSK is not in use" clause), and you
did not confirm or deny my guess. So, I still don't understand what
seems problematic to you about the existing text -- to me, it says that
certain things must be done if certain other things are or are not done,
but does not seem to preclude certain things being done and certain other
things also being done.

Maybe you could propose a patch that provides the hook that you would
like to see, so that I can understand the issue with the current text?

-Ben

>
>>>> On Thu, Dec 22, 2016 at 4:54 PM Russ Housley <hous...@vigilsec.com
>>>> <mailto:hous...@vigilsec.com>> wrote:
>>>>
>>>> I want to make sure that it is possible to mix PSK with (EC)DH
>>>> as a protection against the discovery of a quantum computer. I
>>>> recognize that the WG does not want to tackle this topic in the
>>>> base specification; however, the following text in Section
>>>> 4.1.1 makes this difficult to do so in a companion document:
>>>>
>>>> > The server indicates its selected parameters in the ServerHello as
>>>> > follows:
>>>> >
>>>> > - If PSK is being used then the server will send a "pre_shared_key"
>>>> >   extension indicating the selected key.
>>>> >
>>>> > - If PSK is not being used, then (EC)DHE and certificate-based
>>>> >   authentication are always used.
>>>> >
>>>> > - When (EC)DHE is in use, the server will also provide a "key_share"
>>>> >   extension.
>>>> >
>>>> > - When authenticating via a certificate (i.e., when a PSK is not in
>>>> >   use), the server will send the Certificate (Section 4.4.1) and
>>>> >   CertificateVerify (Section 4.4.2) messages.
>>>> >
>
> Russ
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls