Thinking about this... One option would be like 2 on the slides (the overstriked one!), except:
- The message is synthesized, not actually sent on wire (but still logged).
- It only happens after the last ClientHello.
- It uses the actual PSK, even if not #0.

Maybe I should have listened to the talk more carefully, but the reason I got for overstriking the second option was that it is unimplementable in practice. Of course, dunno if the changes would actually fix the problems with PSK contexts...

-Ilari

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
