On Wed, Oct 21, 2015 at 3:52 PM, Martin Thomson <martin.thom...@gmail.com> wrote:
> I'm not sure that I follow. Are all the records in 0RTT going to use
> a content of handshake, or just the
> Certificate/CertificateVerify/Finished? I assume that you meant just
> the handshake messages, in which case yes, this is OK.

Yes. The application data would be application_data, etc.

> It does make
> identification of what goes into the handshake hash marginally more
> difficult.
>
> With your client authentication changes, you could just concatenate up
> everything with content type of handshake. Now you have to be a
> little more selective.

I don't think this will make the implementation that hard :)

-Ekr

On 21 October 2015 at 15:44, Eric Rescorla <e...@rtfm.com> wrote:
> > https://github.com/tlswg/tls13-spec/issues/311
> >
> > I initially added this to make it easier to determine the end of the 0-RTT
> > handshake if the server had forgotten the key, but with content type encryption
> > this is no longer relevant. I propose we remove this and simply use
> > Handshake here, allowing the keying material to differentiate these.
> >
> > -Ekr
> >
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls