On Wed, 2018-05-16 at 11:30 +0200, Ander Juaristi wrote:
> El 2018-05-11 09:05, Nikos Mavrogiannopoulos escribió:
> > On Thu, 2018-05-10 at 11:46 -0400, Viktor Dukhovni wrote:
> > >
> > > Good to know. Does any implementation other than OpenSSL support
> > > external PSKs? How do you distinguish
El 2018-05-11 09:05, Nikos Mavrogiannopoulos escribió:
On Thu, 2018-05-10 at 11:46 -0400, Viktor Dukhovni wrote:
Good to know. Does any implementation other than OpenSSL support
external PSKs? How do you distinguish between external PSKs and
resumption PSKs?
gnutls does. For external PSKs I
On Thursday, 10 May 2018 17:46:40 CEST Viktor Dukhovni wrote:
> > On May 10, 2018, at 10:17 AM, Eric Rescorla wrote:
> >> Do you prepend some new "magic" to the (RFC5077 or similar) session
> >> tickets? Or just look for a matching STEK key name and let that be
> >> the "magic"?
> >
> > I would
On Thu, 2018-05-10 at 11:46 -0400, Viktor Dukhovni wrote:
> > On May 10, 2018, at 10:17 AM, Eric Rescorla wrote:
> >
> > > Do you prepend some new "magic" to the (RFC5077 or similar)
> > > session
> > > tickets? Or just look for a matching STEK key name and let that
> > > be
> > > the "magic"?
>
> -Original Message-
> From: TLS On Behalf Of Viktor Dukhovni
> Sent: Thursday, May 10, 2018 8:47 AM
> To: TLS WG
> Subject: Re: [TLS] TLS 1.3 multiple session tickets from the client?
>
>
>
> > On May 10, 2018, at 10:17 AM, Eric Rescorla wrote:
&g
On Thu, May 10, 2018 at 8:46 AM, Viktor Dukhovni
wrote:
>
>
> > On May 10, 2018, at 10:17 AM, Eric Rescorla wrote:
> >
> >> Do you prepend some new "magic" to the (RFC5077 or similar) session
> >> tickets? Or just look for a matching STEK key name and let that be
> >> the "magic"?
> >
> > I wou
> On May 10, 2018, at 10:17 AM, Eric Rescorla wrote:
>
>> Do you prepend some new "magic" to the (RFC5077 or similar) session
>> tickets? Or just look for a matching STEK key name and let that be
>> the "magic"?
>
> I would imagine, but NSS, at least, doesn't support external PSKs.
Good to k
On Thu, May 10, 2018 at 6:46 AM, Viktor Dukhovni
wrote:
>
>
> > On May 10, 2018, at 7:48 AM, Eric Rescorla wrote:
> >
> > The option for multiple PSKs is something that is used in pure PSK modes,
> > but I confess to not fully understanding the reasons you might use
> multiple
> > PSKs. I suspe
> On May 10, 2018, at 7:48 AM, Eric Rescorla wrote:
>
> The option for multiple PSKs is something that is used in pure PSK modes,
> but I confess to not fully understanding the reasons you might use multiple
> PSKs. I suspect that they are most useful during a key rollover.
>
> Also, resumpti
On Thu, May 10, 2018 at 2:23 AM, Martin Thomson
wrote:
> On Thu, May 10, 2018 at 2:11 PM Viktor Dukhovni
> wrote:
> > TLS 1.3 allows clients to send multiple PSK identities, with the server
> > choosing one. When, if every, might it make sense for the client to
> > send multiple session tickets
On Thu, May 10, 2018 at 2:11 PM Viktor Dukhovni
wrote:
> TLS 1.3 allows clients to send multiple PSK identities, with the server
> choosing one. When, if every, might it make sense for the client to
> send multiple session tickets to the server? If this is not expected,
> is it sufficiently odd
TLS 1.3 allows clients to send multiple PSK identities, with the server
choosing one. When, if every, might it make sense for the client to
send multiple session tickets to the server? If this is not expected,
is it sufficiently odd for a server to ignore any tickets after the
first (if that one
12 matches
Mail list logo