On Mon, Aug 31, 2015 at 09:18:34AM -0700, Eric Rescorla wrote: > On Mon, Aug 31, 2015 at 9:13 AM, Nico Williams <n...@cryptonector.com> > wrote: > > I'm not sure how I feel about this. The idea that we always do a DH key > > exchange and always have a server signature means we can greatly reduce > > the number of ciphersuites, so that's quite helpful. We'd have to apply > > this to PSK too to make it really worthwhile. > > Certainly it would be nice to get rid of PSK too but just getting rid of > DH_anon makes a non-trivial difference.
How would we get rid of PSK [without DH]? What would the impact be on IoT devices? Could we have a fake-DH-and-signature PSK scheme to make it easy on IoTs? Nico -- _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls