On 5/31/2019, 17:34, "TLS on behalf of Geoff Keating" <tls-boun...@ietf.org on behalf of geo...@geoffk.org> wrote: >> On 21 May 2019, at 2:08 pm, Hugo Krawczyk <h...@ee.technion.ac.il> wrote: >> >> A clarification on the text suggest below by Russ. >> >> The way I see it, the external PSK as used in draft-ietf-tls-tls13-cert-with-extern-psk is not intended as >> a means of authentication but as a way of regaining forward secrecy in case the (EC)DHE mechanism >> is ever broken (e.g., by cryptanalysis or by a quantum computer). > > It’s a bit problematic if the expected use of the draft is with quantum-resistant > certificates...
This is not the intent/expected use. The intent is to protect the content of the session against being recorded now and decrypted later. In short, no problem.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls