>> From the browser side of things, 0-RTT is a solution to a very real >> problem. We are excited about TLS 1.3 supporting 0-RTT (or 0-RTT resumption) >> and converting QUIC to use the TLS 1.3 handshake as a result. > > ... > TCP in the works? (does TCPCT work on the client side?). Do you have any > human perception data; to people even notice the 3% at this point? (loading > google seems remarkably fast!). There's a very strong temptation to bias > for what's easy to measure here.
We also lack statistics on the other costs associated with security failures. The best I can tell, we have no idea of the impact if its not in US Financial. I wrote to the United Nations and Human Rights Watch a while back, and they don't appear to collect statistics on human rights violations after incidents like Diginotar. I can't help but wonder how many folks would agree to controls like Public Key Pinning with Overrides or 0-RTT if their well being and their family's well being were at stake. Jeff _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
