On Thu, Jan 28, 2016 at 05:36:22PM +0000, David Benjamin wrote:
> On Wed, Jan 27, 2016 at 2:44 PM Ilari Liusvaara <ilariliusva...@welho.com>
> wrote:
>
> > On Wed, Jan 27, 2016 at 07:28:47PM +0000, David Benjamin wrote:
> > > On Tue, Jan 26, 2016 at 10:32 PM Martin Thomson <
> > martin.thom...@gmail.com>
> >
> > I don't think the two situations have the same problems:
> > - "Server 0-RTT" has _recipient_ identity change.
> > - "Dynamic reauth" has _sender_ identity change.
> >
> > You have more concrete examples of things going wrong with "server
> > 0-RTT"? Because I have major problems coming up with troublesome
> > cases.
> >
> The client also has some 0-RTT data which, in the server 0-RTT case, the
> server reports was accepted and processed. That all is associated with the
> first identity rather than the second. So I believe we have sender identity
> change in both cases.

The 0-RTT being sent under a different identity than the application data
does involve sending identity change, but what does it have to do with
"server 0-RTT"? The client could do that (and run into trouble with badly
designed protocols) without "server 0-RTT".

-Ilari