The following errata report has been submitted for RFC9147,
"The Datagram Transport Layer Security (DTLS) Protocol Version 1.3".
--
You may review the report below and at:
https://www.rfc-editor.org/errata/eid8100
--
Type: Ed
Hi David,
Note I am not against draft-ietf-tls-key-share-prediction. It is definitely
better to not send unnecessary bytes on the wire.
> Yup. Even adding one PQ key was a noticeable size cost (we still haven't
> shipped Kyber/ML-KEM to mobile Chrome because the performance regression was
> mo
> Any numbers you have to showcase the regression and the relevant affected
web metrics?
Adding Kyber to the TLS handshake increased TLS handshake latency by 4% on
desktop [1] and 9% on Android at P50, and considerably higher at P95. In
general, Cloudflare found that every 1K of additional data ad
Hi all,
I noticed another issue with the DTLS 1.3 ACK design. :-)
So, DTLS 1.3 uses ACKs. DTLS 1.2 does not use ACKs. But you only learn what
version you're speaking partway through the lifetime of the connection, so
there are some interesting corner cases to answer. As an illustrative
example, I
