On Sun, Dec 6, 2015 at 11:39 AM, Eric Rescorla <e...@rtfm.com> wrote:
> With PSK-DHE over 0-RTT, would we use the static DHE server share for the >> first resume flight? >> > > No. In All PSK-DHE modes, the PSK is used as SS. > That's cool. I need to re-read the spec more carefully. > >> You're talking about the single byte that indicates an empty session id? > That doesn't seem like > it's a big source of inefficiency. > Ah... I did not realize it is u8-length encoded. One byte bothers me a lot less. > > I guess another question is: Do we care about strong client authentication >> enough to support it in a 0-RTT world? The default solution when using TLS >> 1.3 is for companies that use security keys to never use 0-RTT >> authentication. That's not the end of the world, but I imagine that having >> to support 0-RTT for regular users, and forcing 1-RTT for employees and >> users who choose a higher level of security is going to be a complication. >> > > Yes, I think it's important, especially for WebRTC. > OK... one more spec to read. > >> I still think some more text describing 0-RTT implementation techniques >> would be a good thing. It really does read as if the spec is saying that >> servers SHOULD NOT support 0-RTT. I've never read a security warning like >> that which did not have a SHOULD NOT associated with it. Of course, I >> haven't read that many IETF specs yet :) >> > > I'll but it on my TODO list but I would definitely welcome a PR here. > > Thanks, > -Ekr > > I'll see if I can put together some text that would help me understand a bit better, though as you can see from my emails so far, writing is not my strong suit. Bill
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
