Hi Matt,

You might be also interested in this issue:
https://github.com/tlswg/tls13-spec/issues/1040

--Kazu

> I note in draft-21 the following text:
>
>    When clients use a PSK obtained externally to send early data, then
>    the following additional information MUST be provisioned to both
>    parties:
>
>    -  The TLS version number for use with this PSK
>
>    -  The cipher suite for use with this PSK
>
>    -  The Application-Layer Protocol Negotiation (ALPN) protocol
>       [RFC7301], if any is to be used
>
>    -  The Server Name Indication (SNI), if any is to be used
>
> Later it says this:
>
>    In order to accept early data, the server MUST have accepted a PSK
>    cipher suite and selected the first key offered in the client's
>    "pre_shared_key" extension.  In addition, it MUST verify that the
>    following values are consistent with those negotiated in the
>    connection during which the ticket was established.
>
>    -  The TLS version number and cipher suite.
>
>    -  The selected ALPN [RFC7301] protocol, if any.
>
>
> The language about "during which the ticket was established" seems to
> suggest that the following checks do not apply to an external PSK -
> which I don't think is intended. Additionally there does not seem to
> be a requirement on the server to check that the SNI is consistent.
> So, there is a mandatory requirement for an external PSK to specify
> the SNI, but no requirement on the server to check that it is actually
> correct. Is this discrepancy intentional?
>
> Matt
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
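
The server-side acceptance check from the quoted draft-21 text, as an added example that is not part of the original message or of any TLS implementation: negotiated values are compared with those provisioned for an external PSK, and a `check_sni` flag shows the effect of the SNI gap raised in the thread. The class names, function name and sample values are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class PskContext:
    """Values provisioned with an external PSK (the four items draft-21 lists)."""
    tls_version: int        # wire value, e.g. 0x0304
    cipher_suite: int       # wire value, e.g. 0x1301
    alpn: Optional[str]     # None if no ALPN is to be used
    sni: Optional[str]      # None if no SNI is to be used


@dataclass(frozen=True)
class Handshake:
    """What the server negotiated on the current connection (hypothetical model)."""
    psk_accepted: bool
    selected_identity: int  # index into the client's "pre_shared_key" list
    tls_version: int
    cipher_suite: int
    alpn: Optional[str]
    sni: Optional[str]


def early_data_mismatches(psk: PskContext, hs: Handshake, check_sni: bool) -> List[str]:
    """Return the reasons to reject early data; an empty list means accept."""
    reasons = []
    if not hs.psk_accepted:
        reasons.append("no PSK cipher suite accepted")
    elif hs.selected_identity != 0:
        reasons.append("selected PSK is not the first key offered")
    if hs.tls_version != psk.tls_version:
        reasons.append("TLS version")
    if hs.cipher_suite != psk.cipher_suite:
        reasons.append("cipher suite")
    if hs.alpn != psk.alpn:
        reasons.append("ALPN")
    # Not in the quoted server-side list: this is the check the thread asks about.
    if check_sni and (hs.sni or "").lower() != (psk.sni or "").lower():
        reasons.append("SNI")
    return reasons


# Constructed sample values, not taken from the thread.
PROVISIONED = PskContext(0x0304, 0x1301, "h2", "api.example.com")
SAME_HOST = Handshake(True, 0, 0x0304, 0x1301, "h2", "api.example.com")
OTHER_HOST = Handshake(True, 0, 0x0304, 0x1301, "h2", "admin.example.com")
```

With `check_sni=False` the `OTHER_HOST` handshake passes every check in the quoted list, which is the discrepancy the message points out.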