On Fri, Mar 11, 2016 at 10:21 AM, Kyle Nekritz <knekr...@fb.com> wrote:
> Note: it’s also useful for the server to know which edge cluster the early > data was intended for, however this is already possible in the current > draft. In ECDHE 0-RTT server configs can be segmented by cluster, and with > tickets, the server can store cluster information in the opaque ticket. Shouldn't the server also put a 0-RTT timestamp in the opaque ticket and then implement the same time limiting you suggest using that timestamp? That way, the timestamp would be authenticated and would not leak the client's system time information. Note that this would be better than relying on HTTP timestamps because it would work for any protocol, not just HTTP. Cheers, Brian -- https://briansmith.org/
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
