> I also think it is prudent to assume that implementers will turn on > replayable > data even if nobody has figured out the consequences.
I very much agree. Customers, particularly those in the mobile field, will look at this and say "I can avoid an extra RTT? *TURN IT ON*" without fully understanding, or perhaps even really caring about, the security implications. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
