The issue is that PSK mode doesn't authenticate an identity, so messages can be rerouted between recipients that have the same PSK. In a way that's obvious, like sharing certs on servers, but there's a less thought-of case too where a message can be reflected back to the sender.
PSK = Pre Shared Key. Which is when you configure TLS clients and servers to trust each other based on a (long) shared password. The issue doesn't come up at all if you use SNI or combine PSK with regular certs.
I mentioned resumption because in TLS1.3 session resumption uses the underlying PSK mode. The issue doesn't come up in that case because the PSKs used for resumption mode are exclusively pair-wise. TLS1.3 is still in the best shape we know of any TLS version.
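
Added illustration, not part of the thread: a toy model (not TLS itself) of PSK-only message authentication, showing that rerouting and reflection succeed when no identity is bound into the MAC and fail when sender and recipient are bound. The peer names, message layout and `bind_identity` switch are assumptions made for the example.

```python
import hashlib
import hmac
import os


def tag(psk: bytes, *fields: bytes) -> bytes:
    # Length-prefix each field so the MAC input is unambiguous.
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(psk, data, hashlib.sha256).digest()


class Peer:
    """Hypothetical endpoint that both sends and accepts PSK-authenticated messages."""

    def __init__(self, name: bytes, psk: bytes, bind_identity: bool):
        self.name, self.psk, self.bind = name, psk, bind_identity

    def send(self, to: bytes, payload: bytes) -> dict:
        nonce = os.urandom(16)
        ids = (self.name, to) if self.bind else ()
        return {"from": self.name, "to": to, "nonce": nonce, "payload": payload,
                "tag": tag(self.psk, nonce, payload, *ids)}

    def accept(self, msg: dict) -> bool:
        ids = ()
        if self.bind:
            if msg["to"] != self.name:       # not addressed to this peer
                return False
            ids = (msg["from"], msg["to"])   # identities are covered by the MAC
        expected = tag(self.psk, msg["nonce"], msg["payload"], *ids)
        return hmac.compare_digest(expected, msg["tag"])


def demo(bind_identity: bool) -> dict:
    psk = b"constructed-shared-key-for-demo!"  # constructed sample value
    alice, bob, carol = (Peer(n, psk, bind_identity)
                         for n in (b"alice", b"bob", b"carol"))
    msg = alice.send(b"bob", b"rotate-key")
    # The "from"/"to" headers travel in the clear, so the network can rewrite them.
    rerouted = dict(msg, to=b"carol")
    reflected = dict(msg, **{"from": b"bob", "to": b"alice"})
    return {"intended": bob.accept(msg),
            "rerouted": carol.accept(rerouted),
            "reflected": alice.accept(reflected)}


if __name__ == "__main__":
    print("PSK only:        ", demo(False))
    print("identities bound:", demo(True))
```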