On Fri, Jul 07, 2017 at 03:40:03PM -0400, Russ Housley wrote: > > - PFS or pure-PSK only. > > > > Small things can't do PFS unfortunately. > > The TLS WG wants to work on a a way to combine a PSK with (EC)DH > after the current specification is finished for quantum protection.
Well, PSK with DH does provode classical PFS. And did you perhaps mean using PSK with DH and certificates? Because both TLS 1.2 and TLS 1.3 can combine PSK with DH, but not all three of PSK, DH and certificate all at once. -Ilari _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
