Re: [TLS] Is stateless HelloRetryRequest worthwhile? (was Re: TLS 1.3 Problem?)

2020-10-03 Thread Michael D'Errico
On 10/2/20 22:13, I wrote: Please don't tell me all the current TLS 1.3 implementations forgot to include the HelloRetryRequest in the transcript hash. Is this the reason why Microsoft ditched Edge and rebuilt on top of Chrome?  There must have been a bug bounty for this. Are there still bug bo

Re: [TLS] Is stateless HelloRetryRequest worthwhile? (was Re: TLS 1.3 Problem?)

2020-10-03 Thread Nick Lamb
On Fri, 02 Oct 2020 14:15:48 -0400 "Michael D'Errico" wrote:
> > > You can't possibly implement [stateless HelloRetryRequest] the
> > > way the spec suggests with just a hash in a HRR cookie extension.

Lots of people have and it works just fine, so it seems to me that "You can't possibly" here m

Re: [TLS] Is stateless HelloRetryRequest worthwhile? (was Re: TLS 1.3 Problem?)

2020-10-03 Thread Michael D'Errico
On 10/3/20 16:12, Nick Lamb wrote: You can't possibly implement [stateless HelloRetryRequest] the way the spec suggests with just a hash in a HRR cookie extension. Lots of people have and it works just fine, so it seems to me that "You can't possibly" here means something closer to "I still don'