On 03/31/2016 12:02 PM, Bill Cox wrote: > On Thu, Mar 31, 2016 at 5:17 AM, Hannes Tschofenig > <hannes.tschofe...@gmx.net <mailto:hannes.tschofe...@gmx.net>> wrote: > > Hi Sean, > > we at ARM would find it somewhat unfortunate to remove the client > authentication feature from the 0-RTT exchange since this is one > of the > features that could speed up the exchange quite significantly and > would > make a big difference compared to TLS 1.2. > > > Client certs can still be used with PSK 0-RTT, but only on the initial > 1-RTT handshake. it is up to the client to ensure that the security > of the resumption master secret (RMS) is solid enough to warrant doing > 0-RTT session resumption without re-verification of the client cert.
That seems to rule out most corporate uses of client certs [for 0-RTT client authentication], since I doubt anyone will be interested in trusting that the client does so properly. -Ben > The simplest way to explain how the server should work in this case is > to just say you need to emulate a session cache. >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
