Proposed update to Section 4.1.1 of draft-ietf-tls-tls13-18
OLD:
The server indicates its selected parameters in the ServerHello as
follows:
- If PSK is being used then the server will send a "pre_shared_key"
extension indicating the selected key.
- If PSK is not being used, then (EC)DHE and certificate-based
authentication are always used.
- When (EC)DHE is in use, the server will also provide a "key_share"
extension.
- When authenticating via a certificate (i.e., when a PSK is not in
use), the server will send the Certificate (Section 4.4.1) and
CertificateVerify (Section 4.4.2) messages.
NEW:
The server indicates its selected parameters in the ServerHello as
follows:
- If PSK is not being used, then (EC)DHE and certificate-based
authentication are always used, and the server will:
-- provide a "key_share" extension; and
-- send the Certificate (Section 4.4.1) and CertificateVerify
(Section 4.4.2) messages.
- If PSK (without DH or ECDH) is being used, then the server sends a
"pre_shared_key" extension to indicate the selected key.
- If PSK and (EC)DH are being used together, then the server will:
-- sends a "pre_shared_key" extension to indicate the selected
key;
-- provide a "key_share" extension; and
-- send the Certificate (Section 4.4.1) and CertificateVerify
(Section 4.4.2) messages.
END
Many thanks to Sean Turner for turning this into a PR for me:
https://github.com/tlswg/tls13-spec/pull/870
Thanks,
Russ
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
