On Tuesday, July 21, 2015 07:04:14 am Eric Rescorla wrote:
> struct {
> select (Role) {
> case client:
> opaque identifier<0..2^16-1>;
> CipherSuite cipher_suite; // NEW
> Extension extensions<0..2^16-1>; // NEW
>
> case server:
> struct {};
> }
> } KnownConfigurationExtension
>
> The server would just need one configuration for each public key and
> woudldn't need to have any client-specific state. It also has the
> benefit that it makes PSK work with 0-RTT.
>
> Thoughts? Improvements?
A simple suggested improvement: name the fields clearly to indicate what they
are.
e.g.
opaque server_configuration_identifier<0..2^16-1>;
CipherSuite early_data_cipher_suite;
Extension cached_server_extensions<0..2^16-1>;
Use this same ID field name in ServerConfiguration.
Also, why is this ID allowed to be so big? It's extreme overkill now that it's
down to one config per pub key, with nothing client specific. It doesn't need a
string with a 16-bit length; it barely needs a single 16-bit integer.
Dave
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
