On Wed, Jul 20, 2022 at 01:34:12PM +0200, Ben Smyth wrote:
> Authentication feels weaker in PSK-mode:
>
> * A server proves possession of a (short-term) shared key,
>
> whereas, with certificate-based authentication,
>
> * A server proves possession of a (long-term) private key;
>
> should we consider PSK-mode authentication weaker than certificate-based
> authentication?
>
> PSK-mode cannot be bolstered with certificate-based authentication: "In TLS
> 1.3...either a PSK or a certificate is always used, but not both. Future
> documents may define how to use them together." Have any such documents
> emerged?

RFC 8773 does so.

-Ben