I'm not sure that I follow. Are all the records in 0RTT going to use a content of handshake, or just the Certificate/CertificateVerify/Finished? I assume that you meant just the handshake messages, in which case yes, this is OK. It does make identification of what goes into the handshake hash marginally more difficult.
With your client authentication changes, you could just concatenate up everything with content type of handshake. Now you have to be a little more selective.

On 21 October 2015 at 15:44, Eric Rescorla <e...@rtfm.com> wrote:
> https://github.com/tlswg/tls13-spec/issues/311
>
> I initially added this to make it easier to determine the end of the 0-RTT
> handshake if the server had forgotten the key, but with content type encryption
> this is no longer relevant. I propose we remove this and simply use
> Handshake here, allowing the keying material to differentiate these.
>
> -Ekr
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls