> On Mar 1, 2023, at 11:29 PM, Peter Gutmann <[email protected]> wrote:
>
> Chuck Lever III <[email protected]> writes:
>
>> We're implementing TLSv1.3 support for PSK and note there is a capability in
>> the PSK extension described in S 4.2.11 for sending a list of identities. We
>> don't find support for a list of alternate identities implemented in user
>> space TLS libraries such as GnuTLS or OpenSSL. Is there a known reason for
>> that omission?
>
> If it's the same as similar locations in previous versions of TLS where it's
> possible to specify a list of X instead of just an X then it could be because
> no-one has any idea why you'd specify a list of X, or what to do with it if
> one does turn up. There are several fields where, in the past, we've had
> users ask what to do with them and it turned out, after some testing, that the
> answer is "whatever you want" because the other side pays no attention
> whatsoever to what's in there.

I don't have details, but the NVMe/TCP specification suggests that
it can make use of multiple PSK identities during a TLS handshake.
--
Chuck Lever
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
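
For reference, the list form of the extension discussed in this thread can be decoded as follows. This is an added example, not code from the thread, GnuTLS, OpenSSL, or any NVMe/TCP implementation; it follows the `OfferedPsks` layout in RFC 8446 section 4.2.11, and the function names and sample identities are assumptions made for illustration.

```python
import struct

def build_offered_psks(offers):
    """Encode [(identity, obfuscated_ticket_age, binder), ...] as OfferedPsks."""
    ids = b"".join(struct.pack("!H", len(i)) + i + struct.pack("!I", age)
                   for i, age, _ in offers)
    binders = b"".join(bytes([len(b)]) + b for _, _, b in offers)
    return struct.pack("!H", len(ids)) + ids + struct.pack("!H", len(binders)) + binders

def _take(buf, pos, n):
    if pos + n > len(buf):
        raise ValueError("truncated OfferedPsks")
    return buf[pos:pos + n], pos + n

def parse_offered_psks(buf):
    """Decode OfferedPsks into [(identity, age, binder), ...] or raise ValueError."""
    raw, pos = _take(buf, 0, 2)
    ids, pos = _take(buf, pos, struct.unpack("!H", raw)[0])
    raw, pos = _take(buf, pos, 2)
    binders, pos = _take(buf, pos, struct.unpack("!H", raw)[0])
    if pos != len(buf):
        raise ValueError("trailing bytes after binders")
    identities, p = [], 0
    while p < len(ids):
        raw, p = _take(ids, p, 2)
        ident, p = _take(ids, p, struct.unpack("!H", raw)[0])
        raw, p = _take(ids, p, 4)
        identities.append((ident, struct.unpack("!I", raw)[0]))
    blist, p = [], 0
    while p < len(binders):
        raw, p = _take(binders, p, 1)
        binder, p = _take(binders, p, raw[0])
        if len(binder) < 32:
            raise ValueError("binder shorter than 32 bytes")
        blist.append(binder)
    if not identities or len(identities) != len(blist):
        raise ValueError("identity/binder count mismatch")
    return [(i, age, b) for (i, age), b in zip(identities, blist)]

def select_identity(offers, known):
    """First offered index the server knows (its binder must still be verified), else None."""
    for idx, (ident, _, _) in enumerate(offers):
        if ident in known:
            return idx
    return None

# Constructed sample: two identities with placeholder (not real HMAC) binders.
SAMPLE = [(b"client-psk-a", 0, b"\x01" * 32), (b"client-psk-b", 0, b"\x02" * 32)]
```

The index returned by `select_identity` is what a server would echo back as `selected_identity`; binder verification against the handshake transcript is outside this example.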