On Fri, Mar 25, 2016 at 12:02 PM, Karthik Bhargavan < karthikeyan.bharga...@inria.fr> wrote:
> > +1 but I think we can go further here and specify 0RTT in such a way > that it only works when the server maintains state, and so that any given > 0RTT ticket may only be used once (to preserve forward secrecy as much as > possible within the constrains of 0RTT). > > Do you envision clients only having one resumption handshake at a time? I > was under the impression that TLS 1.2 clients typically open multiple > resumption handshakes in parallel, and that TLS 1.3 clients would want to > do the same. > It is common for existing clients to re-use the same ticket for many connections. This is at-odds with forward secrecy though :/ Clients could have many resumption tokens at a time though; e.g. they could ask for 10 and use each one once. It's just that each token is used once. So parallel resumptions could be supported. -- Colm
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
