> -----Original Message-----
> From: TLS <tls-boun...@ietf.org> On Behalf Of Martin Thomson
> Sent: 04 September 2019 02:46
> To: tls@ietf.org
> Subject: Re: [TLS] Binder key labels for imported PSKs
>
>
> When we built the ext/res distinction, there was a clear problem expressed.
> We had the potential for both to be used by the same servers at the same
> time (though not for the same connection) and distinguishing between them
> was important

Martin, maybe I am missing something in the threads on this. Is there anything explicit planned in ClientHello PreSharedKeyExtension or PskKeyExchangeModes to explicitly distinguish between ext/res PSKs? Or is it up to server implementation and how the server handles the opaque PskIdentity.identity?

E.g. ImportedIdentity.external_identity fields could be stored in one DB table, and (ignoring https://tools.ietf.org/html/draft-ietf-tls-external-psk-importer-00#section-9 for now) the server on receipt of a ClientHello searches for PskIdentity.identity in its ImportedIdentity.external_identity table and if that lookup fails, then tries to parse PskIdentity.identity as a NewSessionTicket.ticket? And the order of those two operations is of course implementation specific too.
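Added example, not part of the original message and not taken from any TLS implementation: a sketch of the two-step lookup described above, combined with the RFC 8446 binder key derivation, showing that the lookup order decides which binder label the server uses when an identity is known to both stores. The table contents, the `classify` and `server_accepts` helpers, and the modelling of ticket parsing as a session-cache lookup are assumptions; comparing binder keys stands in for comparing the full binder MAC.

```python
import hashlib
import hmac

HASH_LEN = 32  # SHA-256 output length

# Constructed sample state, not from the thread. "Parsing the identity as a
# ticket" is modelled as a session-cache lookup (an assumption).
EXTERNAL_TABLE = {b"imported-id-1": b"\x11" * 32, b"ambiguous": b"\x22" * 32}
TICKET_STORE = {b"ticket-abc": b"\x33" * 32, b"ambiguous": b"\x22" * 32}
TABLES = {"ext": EXTERNAL_TABLE, "res": TICKET_STORE}


def hkdf_expand_label(secret, label, context, length=HASH_LEN):
    """HKDF-Expand-Label from RFC 8446, single output block (length <= 32)."""
    full_label = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hmac.new(secret, info + b"\x01", hashlib.sha256).digest()[:length]


def binder_key(kind, psk):
    """Derive-Secret(Early Secret, "ext binder" | "res binder", "")."""
    early_secret = hmac.new(b"\x00" * HASH_LEN, psk, hashlib.sha256).digest()
    label = {"ext": b"ext binder", "res": b"res binder"}[kind]
    return hkdf_expand_label(early_secret, label, hashlib.sha256(b"").digest())


def classify(identity, order=("ext", "res")):
    """Return (kind, psk) from the first store that knows the identity."""
    for kind in order:
        psk = TABLES[kind].get(identity)
        if psk is not None:
            return kind, psk
    return None


def server_accepts(identity, client_kind, order=("ext", "res")):
    """True if the server derives the binder key the client derived."""
    hit = classify(identity, order)
    if hit is None:
        return False
    kind, psk = hit
    client_key = binder_key(client_kind, TABLES[client_kind][identity])
    return hmac.compare_digest(binder_key(kind, psk), client_key)


if __name__ == "__main__":
    for order in (("ext", "res"), ("res", "ext")):
        print(order, server_accepts(b"ambiguous", "res", order))
```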