On 5/31/2019, 17:34, "TLS on behalf of Geoff Keating" <tls-boun...@ietf.org on
behalf of geo...@geoffk.org> wrote:
>> On 21 May 2019, at 2:08 pm, Hugo Krawczyk <h...@ee.technion.ac.il> wrote:
>>
>> A clarification on the text suggest below by Russ.
>>
>> The way I see it, the external PSK as used in
draft-ietf-tls-tls13-cert-with-extern-psk is not intended as
>> a means of authentication but as a way of regaining forward secrecy in
case the (EC)DHE mechanism
>> is ever broken (e.g., by cryptanalysis or by a quantum computer).
>
> It’s a bit problematic if the expected use of the draft is with
quantum-resistant
> certificates...This is not the intent/expected use. The intent is to protect the content of the session against being recorded now and decrypted later. In short, no problem.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
