The OPTLS paper (preprint) explaining the rationale of the protocol and its analysis is posted here: http://eprint.iacr.org/2015/978.
The OPTLS design provides the basis for the handshake modes specified in the current TLS 1.3 draft including 0-RTT, 1-RTT variants, and PSK modes (client authentication is not covered). OPTLS dispenses with elements that are not essential to achieve the basic cryptographic security of the protocol. By following such a "minimalistic" approach, the OPTLS design provides the flexibility of building different protocol variants that provide varied performance trade-offs and security features. Some of these variants give rise to the current TLS 1.3 modes while others may be useful in the future. In the latter class it is worth noting the ability to obtain a protocol that completely eliminates online signatures while keeping most of TLS 1.3 unchanged. The analysis part of the paper covers the basics of key exchange security. More comprehensive analyses including validation of TLS 1.3 specifications and implementations is expected to be covered by future work. We would like to take this opportunity to thank the TLS Working Group for insightful discussions and invaluable feedback that led to this work. Hoeteck and Hugo
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
