Hi Ted,

On Thu, Sep 27, 2018 at 01:03:21AM -0400, Ted Lemon wrote:
> On Sep 27, 2018, at 12:55 AM, Ted Lemon <mel...@fugue.com> wrote:
> > Yup.   Sorry about that.   I just submitted a new version that I hope 
> > addresses this request.
> 
> There's a mistake in the update—while I was working on the new text, I added 
> a caveat about implicit sessions, but didn't notice that that had weakened 
> the requirements on the client.   I've addressed this with the following 
> change, but will wait on your and Mirja's responses before resubmitting:
> 
> -   If a server receives a Fast Open message containing a DSO message
> -   whose primary TLV is not permitted to appear in a Fast Open message,
> -   the server MUST forcible abort the connection.  If a client receives
> -   a Fast Open message containing any DSO message, and there is no
> -   implicit DSO session, the client MUST forcibly abort the connection.
> -   If a server or client receives a Fast Open message that is not a TLS
> -   1.3 message, it MUST forcibly abort the connection.
> +   If a client or server receives a Fast Open message containing a DSO
> +   message whose primary TLV is not permitted to appear in a Fast Open
> +   message, the server MUST forcible abort the connection.  If a client
> +   receives a Fast Open message containing any DSO message, and there is
> +   no implicit DSO session, the client MUST forcibly abort the
> +   connection.  If a server or client receives a Fast Open message that
> +   is not a TLS 1.3 message, it MUST forcibly abort the connection.
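
Review bot: in the first added sentence the subject was widened to "a client or server" but the actor is still "the server MUST forcible abort the connection", so the text states no action for a client that receives such a message. Suggest "it MUST forcibly abort the connection", which matches the wording of the last sentence and also fixes "forcible", a typo carried over from the removed text.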

The -16 (plus this) look great; exactly what I was looking for.  I'll go
clear my Discuss in the datatracker.

But just to double-check my understanding: the idea is that the TCP Fast
Open payloads will only be used when TLS 1.3 is in use, and would be
something like (client's first handshake flight + early data) and (server's
first handshake flight + 0.5-RTT data), with the DSO operations being in
the early data and 0.5-RTT data records' payloads?

Also, I don't remember if IANA likes to keep columns like our "Fast Open"
one blank for unassigned/reserved ranges.  But presumably they will tell
you :)

Thanks again,

Benjamin
