> On May 10, 2018, at 11:46 AM, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
>
>> I would imagine, but NSS, at least, doesn't support external PSKs.
>
> Good to know. Does any implementation other than OpenSSL support
> external PSKs? How do you distinguish between external PSKs and
> resumption PSKs?

So no need to distinguish in either NSS or Mint. Anyone else?

On a related note, should a client sending both a resumption and an external PSK place the resumption PSK first in the list of PSK identities? My concern is that server implementations might otherwise recognize the external PSK first, and then not even look at the resumption PSK. Is that a valid concern? Should server implementations first see if any of the PSKs are resumption PSKs before considering the rest?

--
Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls