> On May 10, 2018, at 7:48 AM, Eric Rescorla <[email protected]> wrote:
>
> The option for multiple PSKs is something that is used in pure PSK modes,
> but I confess to not fully understanding the reasons you might use multiple
> PSKs. I suspect that they are most useful during a key rollover.
>
> Also, resumption of sessions created with PSKs

So I am not hearing any intent to support multiple resumption PSKs
(session tickets) in the same handshake.

How are TLS 1.3 server implementations approaching distinguishing
between external PSK identities and (RFC5077) resumption PSKs, so
that one does not end up looking for RFC5077 key names to decrypt
an external PSK, or pass resumption PSKs to the code that implements
external PSKs?

Do you prepend some new "magic" to the (RFC5077 or similar) session
tickets? Or just look for a matching STEK key name and let that be
the "magic"?

--
Viktor.
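
An added example, not part of the original message and not taken from any TLS implementation: a sketch of the "matching STEK key name as the magic" option asked about above. It assumes the ticket layout recommended in RFC 5077 (16-byte key name, 16-byte IV, length-prefixed encrypted state, HMAC-SHA-256 tag); `classify_identity`, `make_ticket` and all sample values are hypothetical.

```python
import hashlib
import hmac
import os
import struct

KEY_NAME_LEN, IV_LEN, MAC_LEN = 16, 16, 32
MIN_TICKET_LEN = KEY_NAME_LEN + IV_LEN + 2 + MAC_LEN  # empty encrypted_state

def make_ticket(key_name, mac_key, enc_state):
    """Build a ticket in the RFC 5077 layout; enc_state stays opaque here."""
    body = key_name + os.urandom(IV_LEN) + struct.pack("!H", len(enc_state)) + enc_state
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def classify_identity(identity, steks, external_psks):
    """Return ("resumption", key_name), ("external", psk) or ("unknown", None)."""
    key_name = identity[:KEY_NAME_LEN]
    mac_key = steks.get(key_name)
    if mac_key is not None and len(identity) >= MIN_TICKET_LEN:
        body, tag = identity[:-MAC_LEN], identity[-MAC_LEN:]
        (state_len,) = struct.unpack_from("!H", body, KEY_NAME_LEN + IV_LEN)
        expected = hmac.new(mac_key, body, hashlib.sha256).digest()
        if len(identity) == MIN_TICKET_LEN + state_len and hmac.compare_digest(tag, expected):
            return ("resumption", key_name)
        # Key name matched but the ticket did not authenticate: treat the
        # match as a coincidence and fall through to the external PSK table.
    psk = external_psks.get(identity)
    return ("external", psk) if psk is not None else ("unknown", None)

# Constructed sample data, not taken from any deployment.
STEK_NAME = b"stek-2018-05-a\x00\x00"
STEKS = {STEK_NAME: b"\x11" * 32}
LOOKALIKE_ID = STEK_NAME + b"x" * 80  # external identity that starts with a STEK key name
EXTERNAL_PSKS = {b"client-42": b"\x22" * 32, LOOKALIKE_ID: b"\x33" * 32}

if __name__ == "__main__":
    ticket = make_ticket(STEK_NAME, STEKS[STEK_NAME], b"opaque-session-state")
    tampered = ticket[:-1] + bytes([ticket[-1] ^ 1])
    for ident in (ticket, b"client-42", LOOKALIKE_ID, tampered):
        print(classify_identity(ident, STEKS, EXTERNAL_PSKS)[0])
```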