> Original Text > ------------- > When a PSK is used and early data is allowed for that PSK > > Notes > ----- > I couldn't find restrictions that forbid early data for a PSK. Explaining > where such restrictions > could exist would be useful. E.g., PSKs might be associated with data that > forbids early data. >
That's an oversight on my part: The sole extension currently defined for NewSessionTicket is "early_data", indicating that the ticket may be used to send 0-RTT data The client may only send early data when permitted: When a PSK is used and early data is allowed for that PSK, the client can send Application Data in its first flight of messages. Servers don't appear to be forbidden from consuming early data when keys don't permit them to. Perhaps I've missed that too. Or perhaps it doesn't matter: If a client does something they aren't supposed to, then they're only compromising their own security.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
