Sure, those are fine weasel words. But do we really want to allow into this
protocol something that can be misused with security implications in a protocol
that’s attempting to solve a security problem? I really don’t know. I’m
inclined to say, ‘no’ though. For all those same reasons that IP
> On May 4, 2017, at 5:35 PM, Watson Ladd wrote:
>
> 0-RTT is opt-in per protocol
…and at the end of the day, that’s the only reason I’d agree to this.
Derrell
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
> On Jul 19, 2017, at 6:02 PM, Yoav Nir wrote:
>
> At the very least, a standards-track multi-party protocol like that can be
> something that standards like PCI, HIPAA and others can latch on to and say
> “Do TLS 1.3 without backdoors unless you really need to and in that case use
> *this*”.
