On Wed, Mar 14, 2018 at 10:02 AM, Benjamin Kaduk <ka...@mit.edu> wrote:
> It seems like we get ourselves in trouble by allowing multiple
> external PSKs to be present. If we allowed at most one external
> PSK in a given ClientHello, then aborting the handshake on binder
> failure would be the correct choice, as discovering a valid identity
> would require discovering a valid key/password as well.
>
> Disallowing multiple external PSKs would make migration scenarios a
> little more annoying, but perhaps not fatally so.
>

What about each external PSK's survival time? It seems it should be updated periodically.

>
> -Ben(jamin)
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

--
Best Regards
潘蓝兰 Pan Lanlan