Hi Ted, On Thu, Sep 27, 2018 at 01:03:21AM -0400, Ted Lemon wrote: > On Sep 27, 2018, at 12:55 AM, Ted Lemon <mel...@fugue.com> wrote: > > Yup. Sorry about that. I just submitted a new version that I hope > > addresses this request. > > There's a mistake in the update—while I was working on the new text, I added > a caveat about implicit sessions, but didn't notice that that had weakened > the requirements on the client. I've addressed this with the following > change, but will wait on your and Mirja's responses before resubmitting: > > - If a server receives a Fast Open message containing a DSO message > - whose primary TLV is not permitted to appear in a Fast Open message, > - the server MUST forcible abort the connection. If a client receives > - a Fast Open message containing any DSO message, and there is no > - implicit DSO session, the client MUST forcibly abort the connection. > - If a server or client receives a Fast Open message that is not a TLS > - 1.3 message, it MUST forcibly abort the connection. > + If a client or server receives a Fast Open message containing a DSO > + message whose primary TLV is not permitted to appear in a Fast Open > + message, the server MUST forcible abort the connection. If a client > + receives a Fast Open message containing any DSO message, and there is > + no implicit DSO session, the client MUST forcibly abort the > + connection. If a server or client receives a Fast Open message that > + is not a TLS 1.3 message, it MUST forcibly abort the connection.
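Review bot: in the first added sentence the condition now reads "If a client or server receives a Fast Open message containing a DSO message whose primary TLV is not permitted", but the requirement that follows still names only one side: "the server MUST forcible abort the connection". As written, a client that receives a disallowed primary TLV is still given no obligation, which is the weakening this change set out to fix. Suggest "it MUST forcibly abort the connection", matching the wording of the final sentence. That also corrects "forcible" to "forcibly".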
The -16 (plus this) look great; exactly what I was looking for. I'll go clear my Discuss in the datatracker.

But just to double-check my understanding: the idea is that the TCP Fast Open payloads will only be used when TLS 1.3 is in use, and some be something like (client's first handshake flight + early data) and (server's first handshake flight + 0.5-RTT data), with the DSO operations being in the early data and 0.5-RTT data records' payloads?

Also, I don't remember if IANA likes to keep columns like our "Fast Open" one blank for unassigned/reserved ranges. But presumably they will tell you :)

Thanks again,

Benjamin

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop