On Sep 27, 2018, at 12:55 AM, Ted Lemon <mel...@fugue.com> wrote:
> Yup. Sorry about that. I just submitted a new version that I hope
> addresses this request.
There's a mistake in the update—while I was working on the new text, I added a caveat about implicit sessions, but didn't notice that that had weakened the requirements on the client. I've addressed this with the following change, but will wait on your and Mirja's responses before resubmitting: - If a server receives a Fast Open message containing a DSO message - whose primary TLV is not permitted to appear in a Fast Open message, - the server MUST forcible abort the connection. If a client receives - a Fast Open message containing any DSO message, and there is no - implicit DSO session, the client MUST forcibly abort the connection. - If a server or client receives a Fast Open message that is not a TLS - 1.3 message, it MUST forcibly abort the connection. + If a client or server receives a Fast Open message containing a DSO + message whose primary TLV is not permitted to appear in a Fast Open + message, the server MUST forcible abort the connection. If a client + receives a Fast Open message containing any DSO message, and there is + no implicit DSO session, the client MUST forcibly abort the + connection. If a server or client receives a Fast Open message that + is not a TLS 1.3 message, it MUST forcibly abort the connection. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
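Review bot: In the first added sentence the subject is widened to "a client or server", but the obligation still reads "the server MUST forcible abort the connection", so a client that receives a disallowed primary TLV has no stated requirement of its own. Suggest "it MUST forcibly abort the connection", matching the wording of the last sentence in the paragraph. That would also fix "forcible", which should be "forcibly" as in the other two sentences. The second added sentence still makes the client's abort conditional on there being no implicit DSO session, so it is worth stating that the first sentence applies to a client even when an implicit session exists.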