John: Okay, I misread the first note. Sorry for the noise.
Russ > On Apr 1, 2019, at 5:29 PM, John Mattsson <[email protected]> wrote: > > Hi Russ, > > I was not talking about certificates at all. My comment was about using both > external_identity and one of its derived ImportedIdentity in OfferedPsks > > draft-wood-tls-external-psk-importer-01: > > struct { > opaque external_identity<1...2^16-1>; > opaque label<0..2^8-1>; > HashAlgorithm hash; > } ImportedIdentity; > > > RFC 8446: > > struct { > PskIdentity identities<7..2^16-1>; > PskBinderEntry binders<33..2^16-1>; > } OfferedPsks; > > struct { > opaque identity<1..2^16-1>; > uint32 obfuscated_ticket_age; > } PskIdentity; > > John > > From: Russ Housley <[email protected] <mailto:[email protected]>> > Date: Monday, 1 April 2019 at 22:47 > To: John Mattsson <[email protected] > <mailto:[email protected]>> > Cc: "[email protected] <mailto:[email protected]>" <[email protected] <mailto:[email protected]>> > Subject: Re: [TLS] Comments on draft-wood-tls-external-psk-importer-01 > > John: >> >> The draft should make clear if the External PSK and external identity can be >> used together with the imported identities. > > I think that draft-ietf-tls-tls13-cert-with-extern-psk would be needed with > TLS 1,3 for the certificate-based authentication to be used with an external > PSK. > > Russ
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
