Classification: UNCLASSIFIED

I realize publication has been requested for this draft, but I have a few comments that the author might want to address, if still possible.

1. The draft says that if none of the PSKs provided by the client are acceptable to the server, then the extension must be omitted from the ServerHello message. Nothing is said about how the client should behave if it receives this: continue or abort with what error code?

2. It can be detected if two PSK identifiers sent in the same ClientHello have the same PSK value by observing the binder values. Granted, I can't think why this would occur, but it might be important to point this out in the Security Considerations in order for implementers to be clear about security guarantees.

3. Section 4, paragraph 3 states that "If none of the external PSKs in the list provided by the client is acceptable to the server, then the "tls_cert_with_extern_psk" extension is omitted from the ServerHello message." Section 5 has a similar statement but using the word "MUST": "If none of the offered external PSKs in the list provided by the client are acceptable to the server, then the "tls_cert_with_extern_psk" extension MUST be omitted from the ServerHello message." These statements should be consistent in the requirement language.

4. Section 5, paragraph starting with "The identities are a list of external PSK identities...":
   s/identities may be know to other parties/identities may be known to other parties

Best regards,
Jonathan

--
Jonathan Hammell
Canadian Centre for Cyber Security
[email protected]
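Added example, not part of the original message: a Python sketch of comment 2, computing external-PSK binders as specified in RFC 8446 Section 4.2.11.2 to show that two identities offered in one ClientHello with the same PSK value yield identical binders. It assumes both PSKs use SHA-256; the identities, PSK values and truncated ClientHello bytes are constructed.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    # HkdfLabel = uint16 length || opaque label<7..255> || opaque context<0..255>
    full_label = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    # A single HKDF-Expand block suffices because length <= HASH_LEN here.
    return hmac.new(secret, info + b"\x01", HASH).digest()[:length]


def psk_binder(psk: bytes, truncated_client_hello: bytes) -> bytes:
    early_secret = hkdf_extract(bytes(HASH_LEN), psk)
    # Derive-Secret(early_secret, "ext binder", "") for an external PSK
    binder_key = hkdf_expand_label(early_secret, b"ext binder", HASH(b"").digest(), HASH_LEN)
    finished_key = hkdf_expand_label(binder_key, b"finished", b"", HASH_LEN)
    transcript_hash = HASH(truncated_client_hello).digest()
    return hmac.new(finished_key, transcript_hash, HASH).digest()


def identities_sharing_a_psk(offered, truncated_client_hello):
    """Pairs of identities whose binders are equal, i.e. what is visible on the wire."""
    binders = [(ident, psk_binder(psk, truncated_client_hello)) for ident, psk in offered]
    return [(a, b) for i, (a, ba) in enumerate(binders)
            for b, bb in binders[i + 1:] if hmac.compare_digest(ba, bb)]


# Constructed sample input: stand-in bytes for the truncated ClientHello, made-up PSKs.
TRUNCATED_CH = b"constructed ClientHello up to and including the identities list"
OFFERED = [
    (b"device-a", bytes.fromhex("11" * 32)),
    (b"device-b", bytes.fromhex("22" * 32)),
    (b"device-a-alias", bytes.fromhex("11" * 32)),  # same PSK value, different identity
]

if __name__ == "__main__":
    for a, b in identities_sharing_a_psk(OFFERED, TRUNCATED_CH):
        print(a.decode(), "and", b.decode(), "carry identical binders")
```

Every binder in one ClientHello is computed over the same truncated transcript, so the PSK (and its hash) is the only input that varies between them.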
