clarify use of the PSK API

mlswg · Oct 23, 2023 · 701f3c6 · 701f3c6
1 parent cd98b9d
commit 701f3c6
Showing 1 changed file with 13 additions and 4 deletions.
diff --git a/draft-ietf-mls-extensions.md b/draft-ietf-mls-extensions.md
@@ -257,11 +257,20 @@ MUST be set to the ExtensionType of the implemented extension.
 
 ### Pre-Shared Keys (PSKs)
 
-An extension can use MLS to enforce that all group members have access to and
-agree on potentially secret information exchanged out of band, e.g. a password or
-a shared file.
+PSKs represent key material that is injected into the MLS key schedule when
+creating or processing a commit as defined in Section 8.4 of {{!RFC9420}}. Its
+injection into the key schedule means that all group members have to agree on
+the value of the PSK.
+
+While PSKs are typically cryptographic keys which due to their properties add to
+the overall security of the group, the PSK mechanism can also be used to ensure
+that all members of a group agree on arbitrary pieces of data represented as
+octet strings (without the necessity of sending the data itself over the wire).
+For example, an extension can use the PSK mechanism to enforce that all group
+members have access to and agree on a password or a shared file.
+
 This is achieved by creating a new epoch via a PSK proposal. Transitioning to
-the new epoch requires using the (secret) information agreed upon.
+the new epoch requires using the information agreed upon.
 
 To facilitate using PSKs in a safe way, this document defines a new PSKType for
 extensions. This provides domain separation between pre-shared keys used by the