> On 13 Mar 2016, at 4:45 PM, Salz, Rich <rs...@akamai.com> wrote: > >> I also think it is prudent to assume that implementers will turn on >> replayable >> data even if nobody has figured out the consequences. > > I very much agree. Customers, particularly those in the mobile field, will > look at this and say "I can avoid an extra RTT? *TURN IT ON*" without fully > understanding, or perhaps even really caring about, the security > implications.
Perhaps, and I think IoT devices are likely to do so as well. Is OpenSSL going to implement this? Are all the browsers? (only the first one is directed specifically at you, Rich…) Yoav _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
