On 31 March 2016 at 16:09, Ilari Liusvaara <ilariliusva...@welho.com> wrote: >> I think that option 1 is easy enough, since both sides have to extend the >> hash in any case. 3 is just complexity. > > Yeah, I agree 3 is just complexity. Except I disagree that currently > option 1 is easy enough, since the hash going to creating 0-RTT keys > is not tapped from the main hash (if it was, then continuing would be > the simplest).
Yeah, I should get this straight in my own mind as well. I was assuming that we were going to take something akin to Karthik's "contexts" proposal and that would eliminate the differences in hashes. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
