> On Jun 4, 2020, at 12:37 PM, Eric Rescorla <e...@rtfm.com> wrote: > > > > On Thu, Jun 4, 2020 at 9:24 AM Russ Housley <hous...@vigilsec.com > <mailto:hous...@vigilsec.com>> wrote: > Eric: > >>> On Wed, Jun 3, 2020 at 6:07 PM Martin Thomson <m...@lowentropy.net >>> <mailto:m...@lowentropy.net>> wrote: >>> I think that this is a useful erratum and it should be approved/HFDU. The >>> extension to which this text alludes is RFC 8773, not post_handshake_auth. >>> >>> Yes, although 8773 actually is not super-clear about post-handshake, so >>> that's actually something we should clarify there. >> >> RFC 8773 is not intended for post handshake. So, I never thought about >> that. What is the use case you are considering? >> >> I don't have one. I'm just trying to make sure things are clear. perhaps an >> erratum on 8773 to make ultra clear? > > I do not find it unclear. > > I am looking at 5.2 which seems like it could be more precise. > > > What do you have in mind? > > Changing: > TLS 1.3 does not permit the server to send a CertificateRequest > message when a PSK is being used. This restriction is removed when > the "tls_cert_with_extern_psk" extension is negotiated, allowing > certificate-based authentication for both the client and the > server. To: TLS 1.3 does not permit the server to send a > CertificateRequest message when a PSK is being used. This restriction > is removed when the "tls_cert_with_extern_psk" extension is > negotiated, allowing certificate-based authentication for both the > client and the server. > > To: > TLS 1.3 does not permit the server to send a CertificateRequest > message when a PSK is being used. This restriction is removed when > the "tls_cert_with_extern_psk" extension is negotiated, allowing > certificate-based authentication for both the client and the > server. To: TLS 1.3 does not permit the server to send a > CertificateRequest message when a PSK is being used. This > restriction is removed for the main handshake when the > "tls_cert_with_extern_psk" extension is negotiated, allowing > certificate-based authentication for both the client and the > server. This extension has no impact on external PSK usage > with post-handshake authentication, which is prohibited by > TLS 1.3.
This works for me. I wonder if "initial handshake" would be better than "main handshake" Russ
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls