On Mon, Mar 14, 2016 at 4:32 AM, Eric Rescorla <e...@rtfm.com> wrote:
> For 1. Raw data throughput could be improved by envelope encrypting the > early data; and transferring the envelope key only once the session has > been fully authenticated > 1. Client generates a random secret and uses it to derive encryption and mac keys. 2. Client encrypts its early data using this key. Sends more-or-less per 0-RTT in the existing draft. 3. Post-handshake; the client sends a new message - encrypting using the regular session key - which has the early data encryption and mac keys in it. 4. Server uses those keys to decrypt the early data; which it buffered. 5. Client and server both erase and forget the ephemeral early data keys. Useful if you want to upload a software update to Mars; maybe not to useful to others; it just helps you make the most of the TCP window. So it improves throughput, but not latency so much. Can you expand on this. Cryptographically, this is effectively how both the > DHE and PSK > modes work: you get a key in session N (which is authenticated) and you > use it > in session N+1. > Makes sense! -- Colm
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
