John:
Okay, I misread the first note. Sorry for the noise.
Russ
> On Apr 1, 2019, at 5:29 PM, John Mattsson <john.matts...@ericsson.com> wrote:
>
> Hi Russ,
>
> I was not talking about certificates at all. My comment was about using both
> external_identity and one of its derived ImportedIdentity in OfferedPsks
>
> draft-wood-tls-external-psk-importer-01:
>
> struct {
> opaque external_identity<1...2^16-1>;
> opaque label<0..2^8-1>;
> HashAlgorithm hash;
> } ImportedIdentity;
>
>
> RFC 8446:
>
> struct {
> PskIdentity identities<7..2^16-1>;
> PskBinderEntry binders<33..2^16-1>;
> } OfferedPsks;
>
> struct {
> opaque identity<1..2^16-1>;
> uint32 obfuscated_ticket_age;
> } PskIdentity;
>
> John
>
> From: Russ Housley <hous...@vigilsec.com <mailto:hous...@vigilsec.com>>
> Date: Monday, 1 April 2019 at 22:47
> To: John Mattsson <john.matts...@ericsson.com
> <mailto:john.matts...@ericsson.com>>
> Cc: "TLS@ietf.org <mailto:TLS@ietf.org>" <TLS@ietf.org <mailto:TLS@ietf.org>>
> Subject: Re: [TLS] Comments on draft-wood-tls-external-psk-importer-01
>
> John:
>>
>> The draft should make clear if the External PSK and external identity can be
>> used together with the imported identities.
>
> I think that draft-ietf-tls-tls13-cert-with-extern-psk would be needed with
> TLS 1,3 for the certificate-based authentication to be used with an external
> PSK.
>
> Russ
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
