I gave it a try, see https://github.com/tlswg/tls13-spec/pull/668/commits/91e5b39e5f0ce62a90effdbaf4e3c90ed0d81245
Ciao Hannes On 10/10/2016 11:59 PM, Eric Rescorla wrote: > I agree with MT. Hannes, if you want to clean up the text to take into > account MT's comments, I will merge > > On Sat, Sep 10, 2016 at 3:35 AM, Martin Thomson > <martin.thom...@gmail.com <mailto:martin.thom...@gmail.com>> wrote: > > On 9 September 2016 at 23:37, Hannes Tschofenig > <hannes.tschofe...@gmx.net <mailto:hannes.tschofe...@gmx.net>> wrote: > > I am wondering why I cannot use Zero-RTT with just PSK-based > authentication > > (without a prior ticket change). > > I think that you would need to bind more things to the key in that > case, but I assume that it would be OK if you did so. You already > need to pair a PSK with a hash, but if you paired it with a whole > cipher suite instead and also the ALPN (which could be null), then I > see no reason not to permit 0-RTT for pure PSK. (I think that cipher > suite + ALPN is sufficient, but someone can correct me if I missed > anything.) > > _______________________________________________ > TLS mailing list > TLS@ietf.org <mailto:TLS@ietf.org> > https://www.ietf.org/mailman/listinfo/tls > <https://www.ietf.org/mailman/listinfo/tls> > >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls