https://github.com/tlswg/tls13-spec/issues/311
I initially added this to make it easier to determine the end of the 0-RTT handshake if the server had forgotten the key, but with content type encryption this is no longer relevant. I propose we remove this and simply use Handshake here, allowing the keying material to differentiate these.

-Ekr
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls