Section 4.2.2 'Cookie', does not seem quite prescriptive enough for a MTI
extension. It is unclear if the original client hello is supposed to be part of
the Handshake Transcript. (It is in the "Incorrect DHE Share" section, but
remains unspecified here). I'm willing to propose some text (either
On Sun, Dec 18, 2016 at 09:18:41PM +, Mehner, Carl wrote:
> It would also benefit from an example of what to put in the cookie,
> similar to RFC 6347. e.g. Cookie = HMAC(Secret, Client-IP, Handshake
> Transcript).
Well, most of the time, you don't want to use cookie field in TLS 1.3,
as it is
