> If the PSK does get additionally purposed for encryption, please make sure > to use a modern key derivation hierarchy to provide separation between the > authentication and encryption usages. I would venture to say we wouldn’t use the PSK for that. Our options are to negotiate a shared session key with the asymmetric keys already being used, use DTLS or TLS, or use lisp-crypto and have control messages encapsulated I the LISP data-plane. And yes, the later has 6 cipher suites with combinations of all the latest and greatest in Crypto (but not Edward Curves). Dino
