On 4 January 2017 at 12:02, Benjamin Kaduk <bka...@akamai.com> wrote:
> I also had the sense that ekr noted that we didn't want to do this in the
> core spec.
> So, could you point me more clearly at what you would want to change in the
> core spec that would allow doing the thing you want to see done in a future
> document? (Is it just removing "i.e., when a PSK is not in use"?)

I for one am interested in having a mode that allows for PSK+cert, but it's hard to reason through. It falls into the same bucket as additive *server* authentication, which has the same inherent problems. Foremost being a solid analysis. Mechanically, it is fairly simple to add as an extension. That makes me confident that we can do this later.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls