On 10/29/2018 9:56 PM, Martin Thomson wrote:
> You should do something more concrete with the label parameter. Keep
> in mind that both client and server need to agree on a use for this,
> so my initial intuition to put the server identity might not work, but
> it could be a start. The problem being that how the client identifies
> the server might not be something it shares with the server.

There is also a privacy issue with the external identifiers. For session tickets, this is solved by only using a given resume ticket once, but that's harder with external PSK.

-- Christian Huitema

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls