This is the right sentiment. Some editorial comments inline. On Thu, Aug 2, 2018 at 11:57 AM Christopher Wood <[email protected]> wrote: > In addition, while constructions in TLS 1.2 and TLS 1.3, although both > based on HMAC, are very different and there is no known way in which > reuse of the same PSK in TLS 1.3 and TLS 1.2 would produce related > output, only limited analysis has been done of the safety of this > practice.
I had some difficultly parsing this sentence. I think that it is two: The constructions in TLS 1.2 and TLS 1.3 are different, although they both based on HMAC. Though there is no known way in which the same PSK might produce related output in both versions, only limited analysis has been done. > Future > work such as [UNIVERSALPSK] or [SHAREDPSK] I would avoid citing specific drafts, particularly when we're still unsure about where we want to go (maybe we want both, or neither). I'd strike the "such as" bit here. _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
