On the subject of clarification, the update also needs to explain why PSK is split across two separate extensions, psk_key_exchange_modes and pre_shared_key, with complex and awkward reconciliation rules between them, and why the PSK has to be the last extension in the client hello. I can't see any reason for either of those two, which in particular for the latter one means why would an implementation follow that apparently pointless requirement? Is this codifying someone's implementation bug? Do demons fly out of your nose if it's not the last extension?
Peter.