Based on feedback that I received from the FATT, I separated the discussion of confidentiality and authentication. The inclusion of the external PSK offers some confidentiality protection against the future invention of a CRQC, but the external PSK does not improve authentication.
I hope this change allows the WG Last Call to complete. Russ > On Feb 22, 2025, at 2:52 PM, internet-dra...@ietf.org wrote: > > Internet-Draft draft-ietf-tls-8773bis-04.txt is now available. It is a work > item of the Transport Layer Security (TLS) WG of the IETF. > > Title: TLS 1.3 Extension for Using Certificates with an External > Pre-Shared Key > Author: Russ Housley > Name: draft-ietf-tls-8773bis-04.txt > Pages: 15 > Dates: 2025-02-22 > > Abstract: > > This document specifies a TLS 1.3 extension that allows TLS clients > and servers to authenticate with certificates and provide > confidentiality based on encryption with a symmetric key from the > usual key agreement algorithm and an external pre-shared key (PSK). > > The IETF datatracker status page for this Internet-Draft is: > https://datatracker.ietf.org/doc/draft-ietf-tls-8773bis/ > > There is also an HTMLized version available at: > https://datatracker.ietf.org/doc/html/draft-ietf-tls-8773bis-04 > > A diff from the previous version is available at: > https://author-tools.ietf.org/iddiff?url2=draft-ietf-tls-8773bis-04 > > Internet-Drafts are also available by rsync at: > rsync.ietf.org::internet-drafts _______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
