Hi Russ,
I was not talking about certificates at all. My comment was about using both
external_identity and one of its derived ImportedIdentity in OfferedPsks.

draft-wood-tls-external-psk-importer-01:

   struct {
       opaque external_identity<1...2^16-1>;
       opaque label<0..2^8-1>;
       HashAlgorithm hash;
   } ImportedIdentity;

RFC 8446:

   struct {
       PskIdentity identities<7..2^16-1>;
       PskBinderEntry binders<33..2^16-1>;
   } OfferedPsks;

   struct {
       opaque identity<1..2^16-1>;
       uint32 obfuscated_ticket_age;
   } PskIdentity;

John
From: Russ Housley <[email protected]>
Date: Monday, 1 April 2019 at 22:47
To: John Mattsson <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: Re: [TLS] Comments on draft-wood-tls-external-psk-importer-01
John:
The draft should make clear if the External PSK and external identity can be
used together with the imported identities.
I think that draft-ietf-tls-tls13-cert-with-extern-psk would be needed with TLS
1.3 for the certificate-based authentication to be used with an external PSK.
Russ
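
Added example, not part of the original thread or of the draft: a Python serialization of the structures quoted above, showing an external identity and an ImportedIdentity derived from it carried side by side as PskIdentity entries in one OfferedPsks.identities vector, where both are just opaque strings. It assumes HashAlgorithm is the one-byte RFC 5246 enum (sha256 = 4), uses an empty label and constructed sample values, and omits the binders.

```python
import struct

# Assumption: HashAlgorithm is the one-byte enum from RFC 5246 (sha256 = 4).
SHA256 = 4

def vec(data: bytes, len_bytes: int, lo: int, hi: int) -> bytes:
    """Encode a TLS variable-length vector: big-endian length prefix + body."""
    if not lo <= len(data) <= hi:
        raise ValueError(f"vector length {len(data)} outside <{lo}..{hi}>")
    return len(data).to_bytes(len_bytes, "big") + data

def imported_identity(external_identity: bytes, label: bytes, hash_alg: int) -> bytes:
    """Serialize ImportedIdentity as quoted from the draft."""
    return (vec(external_identity, 2, 1, 2**16 - 1)
            + vec(label, 1, 0, 2**8 - 1)
            + bytes([hash_alg]))

def psk_identity(identity: bytes, obfuscated_ticket_age: int = 0) -> bytes:
    """Serialize an RFC 8446 PskIdentity (ticket age 0 for external PSKs)."""
    return vec(identity, 2, 1, 2**16 - 1) + struct.pack("!I", obfuscated_ticket_age)

def offered_identities(identities: list[bytes]) -> bytes:
    """Serialize OfferedPsks.identities<7..2^16-1> (binders omitted here)."""
    return vec(b"".join(psk_identity(i) for i in identities), 2, 7, 2**16 - 1)

def parse_identities(blob: bytes) -> list[bytes]:
    """Recover the opaque identity strings a server would have to look up."""
    total = int.from_bytes(blob[:2], "big")
    body, out, pos = blob[2:2 + total], [], 0
    while pos < len(body):
        n = int.from_bytes(body[pos:pos + 2], "big")
        out.append(body[pos + 2:pos + 2 + n])
        pos += 2 + n + 4  # skip the 4-byte obfuscated_ticket_age
    return out

# Constructed sample values, not taken from the draft or the thread.
EXTERNAL_ID = b"client-42"
IMPORTED_ID = imported_identity(EXTERNAL_ID, b"", SHA256)
# Both the raw external identity and its imported form in one offer.
OFFER = offered_identities([EXTERNAL_ID, IMPORTED_ID])

if __name__ == "__main__":
    for ident in parse_identities(OFFER):
        print(len(ident), ident.hex())
```

Nothing in the encoding marks which entry is imported, so a server can only tell the two apart by how it looks the strings up.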