On Wed, Mar 30, 2016 at 3:57 PM, Martin Thomson <martin.thom...@gmail.com> wrote:
> On 31 Mar 2016 5:56 AM, "Ilari Liusvaara" <ilariliusva...@welho.com> wrote:
> > Then on topic of 0-RTT, how do 0-RTT key hashes behave if
> > handshake is restarted (main handshake hash continues, but
> > 0-RTT hash context currently needs to be separate from the
> > main context)?
>
> Good question. I don't recall that being discussed. I see three options:
>
> 1. Continue the hash, just like in 1-RTT
>
> 2. Treat HelloRetryRequest as a denial of the entire first flight.
>
> 3. Signal the choice.
>
> Option 2 suits best if we consider HelloRetryRequest to be a DoS feature
> exclusively or at least primarily. But we have other reasons for it and I
> don't think that DoS mitigation is a big factor for TCP.

I believe Option #2 is simplest.

-Ekr

> I think that option 1 is easy enough, since both sides have to extend the
> hash in any case. 3 is just complexity.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls