On Sun, Mar 13, 2016 at 3:51 PM, Yoav Nir <ynir.i...@gmail.com> wrote:
> > > On 13 Mar 2016, at 4:45 PM, Salz, Rich <rs...@akamai.com> wrote: > > > >> I also think it is prudent to assume that implementers will turn on > replayable > >> data even if nobody has figured out the consequences. > > > > I very much agree. Customers, particularly those in the mobile field, > will look at this and say "I can avoid an extra RTT? *TURN IT ON*" without > fully understanding, or perhaps even really caring about, the security > implications. > > Perhaps, and I think IoT devices are likely to do so as well. > > Is OpenSSL going to implement this? Are all the browsers? > There are already patches in preparation for this for NSS and I expect Firefox to implement it, as long as we have any indication that a reasonable numbers of servers will accept it. -Ekr > (only the first one is directed specifically at you, Rich…) > > Yoav > > > >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
