On Thu, May 10, 2018 at 6:46 AM, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
>
> > On May 10, 2018, at 7:48 AM, Eric Rescorla <e...@rtfm.com> wrote:
> >
> > The option for multiple PSKs is something that is used in pure PSK modes,
> > but I confess to not fully understanding the reasons you might use multiple
> > PSKs. I suspect that they are most useful during a key rollover.
> >
> > Also, resumption of sessions created with PSKs
>
> So I am not hearing any intent to support multiple resumption PSKs
> (session tickets) in the same handshake.
>
> How are TLS 1.3 server implementations approaching distinguishing
> between external PSK identities and (RFC5077) resumption PSKs, so
> that one does not end up looking for RFC5077 key names to decrypt
> an external PSK, or pass resumption PSKs to the code that implements
> external PSKs?
>
> Do you prepend some new "magic" to the (RFC5077 or similar) session
> tickets? Or just look for a matching STEK key name and let that be
> the "magic"?
>

I would imagine, but NSS, at least, doesn't support external PSKs.

-Ekr

> --
> Viktor.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
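The "matching STEK key name as the magic" option raised in the question above, sketched as an added example that is not part of the thread and not taken from any TLS implementation. It assumes tickets use the RFC 5077 recommended layout (key_name, IV, length-prefixed encrypted state, HMAC-SHA-256); the key names, identities, keys and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

KEY_NAME_LEN, IV_LEN, MAC_LEN = 16, 16, 32  # RFC 5077 section 4 field sizes

# Constructed sample material (assumption): a real server rotates STEKs and
# loads external PSKs from its own configuration.
STEKS = {b"stek-2018-05-a\x00\x00": b"\x11" * 32}   # key_name -> MAC key
EXTERNAL_PSKS = {b"sensor-0042": b"\x22" * 32}      # identity -> PSK

def make_ticket(key_name, encrypted_state):
    """Build a ticket in the RFC 5077 recommended layout (state kept opaque)."""
    iv = os.urandom(IV_LEN)
    body = key_name + iv + len(encrypted_state).to_bytes(2, "big") + encrypted_state
    return body + hmac.new(STEKS[key_name], body, hashlib.sha256).digest()

def classify_identity(identity):
    """Return 'resumption', 'external' or 'reject' for one offered PSK identity."""
    key = STEKS.get(identity[:KEY_NAME_LEN])
    if key is not None:
        # The key name matched, so this identity is handled as a ticket only.
        # A bad MAC is rejected and never falls through to the external lookup.
        body, mac = identity[:-MAC_LEN], identity[-MAC_LEN:]
        well_formed = len(identity) >= KEY_NAME_LEN + IV_LEN + 2 + MAC_LEN
        expected = hmac.new(key, body, hashlib.sha256).digest()
        ok = well_formed and hmac.compare_digest(mac, expected)
        return "resumption" if ok else "reject"
    # No STEK key name matched: only an exact external identity is accepted.
    return "external" if identity in EXTERNAL_PSKS else "reject"

def register_external_psk(identity, psk):
    """Refuse identities that would be routed to the ticket path."""
    if identity[:KEY_NAME_LEN] in STEKS:
        raise ValueError("identity collides with a STEK key name")
    EXTERNAL_PSKS[identity] = psk
```

The collision check has to be repeated whenever a new STEK key name is introduced, since an identity registered earlier could begin with the new name.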