On Wed, 2016-09-21 at 17:46 +0000, Raja ashok wrote:
> [ashok]  : PSK Identity extension specified in our extension differs
> from the extension specified in TLS1.3. 

Agreed. I suspect it just makes sense to add a sentence to that effect,
to the draft?

> [ashok] : I feel sending the selected ID is better, otherwise while
> process "server hello" msg, client has to maintain the PSK ID list in
> the same order in which it sent. Already there was a discussion in
> TLS1.3 group for sending selected ID instead of index. 

Yes, I agree. In TLS1.3 it kind of makes sense, because the PSK
identifiers there can be huge — they are the full session ticket from
RFC5077. So it makes some sense to send back only an index. But in
TLS <= 1.2 when you're not (ab)using PSK for session resumption, that
motivation goes away and returning the identity itself seems
reasonable. But again, it's just worth calling out the differences
between TLSv1.3 for clarity.

There is also discussion of supporting only a *single* PSK identity in
TLSv1.3. If that happens, is there a real need for the extension to
permit more than one identity in TLS <= 1.2. 


Attachment: smime.p7s
Description: S/MIME cryptographic signature

TLS mailing list

Reply via email to