On 31 March 2016 at 12:41, Wan-Teh Chang <w...@google.com> wrote: > But if you already implemented the first row, which is a must, the > incremental effort to implement the second row seems small -- you just > need to use server static instead of server ephemeral for SS.
Someone recently suggested that handling the SSLv2-compatible ClientHello was similarly easy. It wasn't by any measure simple or straightforward. Sure, the request was entirely reasonable, but I now wish I had pushed back harder. This involves a different session transcript as input, all the machinery involved with the ServerConfiguration message, and all the switching logic associated with a new mode. I'd rather reduce this to the modes that we know that we need now, particularly since we know how we could retrofit a DH-based 0-RTT into a PSK-based protocol. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
