On 20/07/18 10:38, Eric Rescorla wrote: > The issue is not cross-protocol attacks; it's the reuse of PSKs with > different KDFs, which we don't have any analysis for and which the TLS > 1.3 document prohibits. Can you supply the reference for that prohibition? Thanks Matt _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
- [TLS] on sharing PSKs between TLS 1.2 and TLS 1.3 Benjamin Kaduk
- Re: [TLS] on sharing PSKs between TLS 1.2 and... Nikos Mavrogiannopoulos
- Re: [TLS] on sharing PSKs between TLS 1.2... Eric Rescorla
- Re: [TLS] on sharing PSKs between TLS... Matt Caswell
- Re: [TLS] on sharing PSKs between... Ilari Liusvaara
- Re: [TLS] on sharing PSKs be... Eric Rescorla
- Re: [TLS] on sharing PSKs between TLS... Nikos Mavrogiannopoulos
- Re: [TLS] on sharing PSKs between... Eric Rescorla
- Re: [TLS] on sharing PSKs be... Karthikeyan Bhargavan
- Re: [TLS] on sharing PSKs between... David Benjamin
- Re: [TLS] on sharing PSKs be... Ilari Liusvaara
- Re: [TLS] on sharing PSK... Jonathan Hoyland
- Re: [TLS] on sharing PSKs be... Matt Caswell
- Re: [TLS] on sharing PSKs be... Nikos Mavrogiannopoulos
