On 22 December 2015 at 13:25, Christian Huitema <huit...@microsoft.com> wrote: >> Unless I'm confused (which is possible given the time of night), >> the intention, as you say, is to separate out the 0-RTT handshake >> messages i.e., (cert, cert verify, finished) from the 1-RTT computations. > > OK. That does not simplify implementations using running hashes...
It does if you consider the possibility of having to drop the 0-RTT data. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
