On 31 March 2016 at 09:59, Eric Rescorla <e...@rtfm.com> wrote:
>> Option 2 suits best if we consider HelloRetryRequest to be a DoS feature
>> exclusively or at least primarily. But we have other reasons for it and I
>> don't think that DoS mitigation is a big factor for TCP.
>
> I believe Option #2 is simplest.

I didn't mention this because I was composing on a phone at the time, but we have to decide whether to allow a second attempt at 0-RTT. If we do, then the effect is a two round trip setback. I think that the odds of this happening are small, so I'm OK with it, but I wanted to highlight that.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls