On Fri, Mar 25, 2016 at 11:27 AM, Colm MacCárthaigh <c...@allcosts.net> wrote: > > +1 but I think we can go further here and specify 0RTT in such a way that > it only works when the server maintains state, and so that any given 0RTT > ticket may only be used once (to preserve forward secrecy as much as > possible within the constrains of 0RTT). >
I'm not enthusiastic about this. This seems like it would rule out a bunch of implementations which don't need that guarantee. -Ekr > > > -- > Colm > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
