On Thu, Sep 19, 2019 at 11:49 PM Nico Williams <n...@cryptonector.com> wrote: > > On Thu, Sep 19, 2019 at 04:57:17PM -0400, Richard Barnes wrote: > > I don't think anyone's asking for these cases to be differentiable on the > > wire. The question is whether the *server* can differentiate, in > > particular, the application running on the server. > > And the answer to that one is "yes", because the server has control over > the PSK IDs.
You are making a lot of implicit assumptions for that. Consider a "server" consisting of multiple front end implementations all connected to a DB back-end. Does that "server" has control over PSK IDs? A server can also be replaced on an upgrade with a different implementation, or a different version of the implementation, does that also guarantee that the server still has control over the PSK IDs? It looks to me like a hard problem to tackle except for few straightforward cases. regards, Nikos _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls