On Mon, Mar 14, 2016 at 11:04 AM, Subodh Iyengar <sub...@fb.com> wrote:
>
> Like Kyle mentioned the thing that 0-RTT adds to this is infinite
> replayability. As mentioned in the other thread we have ways to reduce the
> impact of infinite replayable data for TLS, making it reasonably replay
> safe.
>

That too is a misunderstanding. The deeper problem is that a third party can do the replay, and that forward secrecy is gone for what likely is sensitive data. Neither is the case with ordinary retries.

--
Colm
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls