On Thu, May 10, 2018 at 2:23 AM, Martin Thomson <[email protected]> wrote:
> On Thu, May 10, 2018 at 2:11 PM Viktor Dukhovni <[email protected]>
> wrote:
>
> > TLS 1.3 allows clients to send multiple PSK identities, with the server
> > choosing one. When, if ever, might it make sense for the client to
> > send multiple session tickets to the server? If this is not expected,
> > is it sufficiently odd for a server to ignore any tickets after the
> > first (if that one is not usable)?
>
> NSS only looks at the first PSK offered by clients. That is because we
> primarily use PSK for session resumption. I think that others do the
> same. I don't think that it makes a whole lot of sense to attempt to use
> multiple PSKs in the context of resumption.
>
> The option for multiple PSKs is something that is used in pure PSK modes,
> but I confess to not fully understanding the reasons you might use multiple
> PSKs. I suspect that they are most useful during a key rollover.
>

Also, resumption of sessions created with PSKs

-Ekr

> _______________________________________________
> TLS mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/tls
