> On May 31, 2019, at 5:31 PM, Geoff Keating <geo...@geoffk.org> wrote: > > > >> On 21 May 2019, at 2:08 pm, Hugo Krawczyk <h...@ee.technion.ac.il> wrote: >> >> A clarification on the text suggest below by Russ. >> >> The way I see it, the external PSK as used in >> draft-ietf-tls-tls13-cert-with-extern-psk is not intended as a means of >> authentication but as a way of regaining forward secrecy in case the (EC)DHE >> mechanism is ever broken (e.g., by cryptanalysis or by a quantum computer). > > It’s a bit problematic if the expected use of the draft is with > quantum-resistant certificates, because TLS doesn’t support those yet.
That is not the way I read Hugo's note, and that is certainly not called for by this draft. Quite the opposite. Russ _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls