Hannes, No, the proposal is to remove both EC and non-EC DHE 0-RTT profiles.
The only way to do 0-RTT would be with a PSK (in both PSK and PSK-(EC)DHE modes). However, this would include PSKs established via a previous session, i.e., resumption-PSK. -Ekr On Thu, Mar 31, 2016 at 5:20 AM, Hannes Tschofenig < hannes.tschofe...@gmx.net> wrote: > Hi Sean, > > just to make sure that I properly understand the question: You are > suggesting to remove the DHE support but not the ECDHE support from the > 0-RTT exchange. > > Removing the DHE support is fine for us (at ARM) since we are focused on > ECDHE for IoT devices. The DTLS/TLS profile and other IETF > specifications very much focused on ECDHE and do not consider the use of > DHE. > > Ciao > Hannes > > > On 03/29/2016 03:11 PM, Sean Turner wrote: > > All, > > > > To make sure we’ve got a clear way forward coming out of our BA > > sessions, we need to make sure there’s consensus on a couple of > > outstanding issues. So... > > > > There also seems to be (rougher) consensus not to support 0-RTT via > > DHE (i.e., semi-static DHE) in TLS 1.3 at this time leaving the only > > 0-RTT mode as PSK. The security properties of PSK-based 0-RTT and > > DHE-based 0-RTT are almost identical, but 0-RTT PSK has better > > performance properties and is simpler to specify and implement. Note > > that this does not permanently preclude supporting DHE-based 0-RTT in > > a future extension, but it would not be in the initial TLS 1.3 RFC. > > > > If you think that we should keep DHE-based 0-RTT please indicate so > > now and provide your rationale. > > > > J&S > > > > _______________________________________________ TLS mailing list > > TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls > > > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
