On Mon, Mar 28, 2016 at 3:49 PM, Ryan Hamilton <r...@google.com> wrote:
> We (Chrome) definitely want this (sending cookies in 0-RTT requests), and > are doing this today with QUIC (which we can't wait to TLS 1.3-ify). > I went to RealWorldCrypto 2016 and saw the TLS track and all of the analysis TLS 1.3 has received, and while it wasn't TRON, I can sympathize with why you might want TLS 1.3, namely the extensive analysis it is receiving as an up and coming cryptographic standard which is a clear choice for academic researchers to focus on. That said, I really don't understand Google's excitement to switch from QUIC's crypto to TLS 1.3. QUIC crypto seems like a much simpler and cleaner protocol which fulfills many of the same goals as TLS, and while it hasn't received as much scrutiny as TLS 1.3, it seems like it doesn't need as much by design due to its relative simplicity. I also understand Facebook is adding QUIC-crypto-over-TCP support to proxygen (there was also a talk at RWC2016) for use in their mobile apps as a stopgap for doing 0-RTT until such a time as 0-RTT ships in TLS 1.3. Can you speak to specific reasons why the Chrome team "can't wait to TLS 1.3-ify" over QUIC, specifically reasons different from the ones I have already highlighted above? -- Tony Arcieri
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
