On Thu, Mar 31, 2016 at 10:08 AM, Benjamin Kaduk <bka...@akamai.com> wrote:

> On 03/31/2016 12:02 PM, Bill Cox wrote:
>
> On Thu, Mar 31, 2016 at 5:17 AM, Hannes Tschofenig <hannes.tschofe...@gmx.net> wrote:
>
>> Hi Sean,
>>
>> we at ARM would find it somewhat unfortunate to remove the client
>> authentication feature from the 0-RTT exchange since this is one of the
>> features that could speed up the exchange quite significantly and would
>> make a big difference compared to TLS 1.2.
>>
>
> Client certs can still be used with PSK 0-RTT, but only on the initial
> 1-RTT handshake.  It is up to the client to ensure that the security of the
> resumption master secret (RMS) is solid enough to warrant doing 0-RTT
> session resumption without re-verification of the client cert.
>
>
> That seems to rule out most corporate uses of client certs [for 0-RTT
> client authentication], since I doubt anyone will be interested in trusting
> that the client does so properly.
>

Do those servers generally carry over client auth through resumption?

-Ekr


>
> -Ben
>
> The simplest way to explain how the server should work in this case is to
> just say you need to emulate a session cache.
>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>
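
Added example, not part of the thread and not taken from any TLS implementation: a toy Python model of the "session cache" approach mentioned above, in which the server records the certificate-authenticated client identity at the full 1-RTT handshake and carries it over on PSK resumption only while its own checks still pass. The class names, the `max_age` limit and the revocation set are assumptions made for illustration.

```python
import time
from dataclasses import dataclass


@dataclass
class CachedSession:
    client_identity: str    # subject proven by client cert in the full handshake
    cert_fingerprint: str   # lets a later revocation be applied to this session
    cert_not_after: float   # certificate expiry, epoch seconds
    established: float      # completion time of the full 1-RTT handshake


class SessionCache:
    """Toy server-side cache keyed by PSK identity (assumed model, not real TLS)."""

    def __init__(self, max_age, revoked=None):
        self.max_age = max_age  # assumed server policy limit, in seconds
        self.revoked = set() if revoked is None else revoked
        self._entries = {}

    def store(self, psk_id, session):
        self._entries[psk_id] = session

    def resume(self, psk_id, now=None):
        """Return the carried-over identity, or None to require a full handshake."""
        now = time.time() if now is None else now
        s = self._entries.get(psk_id)
        if s is None:
            return None
        stale = now - s.established > self.max_age
        expired = now >= s.cert_not_after
        if stale or expired or s.cert_fingerprint in self.revoked:
            del self._entries[psk_id]  # never resume this session again
            return None
        return s.client_identity


def demo():
    # Constructed sample values: no real certificates or PSK identities.
    cache = SessionCache(max_age=3600)
    cache.store("psk-1", CachedSession("alice", "fp-aa", 100_000.0, 1_000.0))
    cache.store("psk-2", CachedSession("bob", "fp-bb", 100_000.0, 1_000.0))
    fresh = cache.resume("psk-1", now=1_500.0)    # within policy
    cache.revoked.add("fp-aa")                    # cert revoked after handshake
    revoked = cache.resume("psk-1", now=1_600.0)  # identity no longer carried
    stale = cache.resume("psk-2", now=5_000.0)    # older than max_age
    return fresh, revoked, stale
```
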