Hi folks, I've posted two PRs: https://github.com/tlswg/tls13-spec/pull/444 https://github.com/tlswg/tls13-spec/pull/445
These enact several consensus decisions from Buenos Aires:

1. Remove 0-RTT (EC)DHE, leaving only PSK-based 0-RTT (444)
2. Remove 0-RTT client auth (444)
3. Enhance the NewSessionTicket message to include indicators about permissible cipher suites and whether 0-RTT is allowed (445, but based on 444)

These are still a bit of a WIP but should be ready for people to take a look (Ilari already has) to make sure that they are what you expect.

In particular, please take a look at the way I've handled the 0-RTT parameters, which is to not explicitly signal any of them and to require that the server use the ones from the ticket and validate that essentially all of them match the newly negotiated parameters for the resumed session. Ilari has suggested that we should instead only require matching for a small number (based on individualized analysis).

-Ekr

P.S. I know that these are missing EncryptedExtensions from the client. That's on my list to do soon.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
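The server-side check the post describes (use the parameters stored in the ticket, accept early data only if they match what the resumed handshake negotiated) can be sketched as follows. This is an added illustration, not code from either PR or from the TLS working group; the ticket field set (cipher suite, ALPN, SNI, an early-data flag), the HMAC-only ticket protection and the `required` parameter that models Ilari's "match only a subset" alternative are all assumptions made for the example, and a real server would encrypt its tickets rather than merely MAC them.

```python
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass
from typing import FrozenSet, Optional, Tuple

# Constructed for this example only: a server-side ticket-protection key.
# A real deployment rotates this key and never places it inside the ticket.
TICKET_KEY = b"example-ticket-mac-key-not-for-production"
TAG_LEN = hashlib.sha256().digest_size


@dataclass(frozen=True)
class TicketParams:
    """Parameters the server bakes into a NewSessionTicket (assumed field set)."""
    cipher_suite: str
    alpn: Optional[str]
    sni: str
    early_data_allowed: bool   # the "is 0-RTT allowed" indicator from the ticket


@dataclass(frozen=True)
class Negotiated:
    """What the resumed handshake actually negotiated (assumed field set)."""
    cipher_suite: str
    alpn: Optional[str]
    sni: str
    client_offered_early_data: bool


def encode_ticket(params: TicketParams) -> bytes:
    """Serialize the parameters and append an HMAC so the server can trust them later."""
    body = json.dumps(asdict(params), sort_keys=True).encode()
    tag = hmac.new(TICKET_KEY, body, hashlib.sha256).digest()
    return body + tag


def decode_ticket(blob: bytes) -> Optional[TicketParams]:
    """Return the stored parameters, or None if the ticket is malformed or tampered with."""
    if len(blob) <= TAG_LEN:
        return None
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(TICKET_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        return TicketParams(**json.loads(body))
    except (ValueError, TypeError):
        return None


# The "essentially all of them must match" policy from the post.
ALL_PARAMS: FrozenSet[str] = frozenset({"cipher_suite", "alpn", "sni"})


def accept_early_data(
    ticket_blob: bytes,
    negotiated: Negotiated,
    required: FrozenSet[str] = ALL_PARAMS,
) -> Tuple[bool, str]:
    """Decide whether the server may process 0-RTT data under this ticket.

    `required` names the ticket fields that must equal the newly negotiated
    values; passing a smaller set models the "match only a few" alternative.
    Any rejection means the server discards the early data and proceeds 1-RTT.
    """
    ticket = decode_ticket(ticket_blob)
    if ticket is None:
        return False, "ticket rejected: bad MAC or malformed"
    if not negotiated.client_offered_early_data:
        return False, "client offered no early data"
    if not ticket.early_data_allowed:
        return False, "ticket does not permit 0-RTT"
    for name in sorted(required):
        stored, now = getattr(ticket, name), getattr(negotiated, name)
        if stored != now:
            return False, f"{name} mismatch (ticket={stored!r}, negotiated={now!r})"
    return True, "early data accepted under ticket parameters"


if __name__ == "__main__":
    # Constructed sample: the server issued this ticket on an earlier connection.
    blob = encode_ticket(TicketParams("TLS_AES_128_GCM_SHA256", "h2", "example.com", True))
    resumed = Negotiated("TLS_AES_128_GCM_SHA256", "h2", "example.com", True)
    print(accept_early_data(blob, resumed))
    changed_suite = Negotiated("TLS_CHACHA20_POLY1305_SHA256", "h2", "example.com", True)
    print(accept_early_data(blob, changed_suite))
```

The point of routing every decision through the ticket is that the server never has to trust anything the client asserts about the 0-RTT parameters: the client only proves possession of the PSK, and the integrity-protected ticket says what that PSK is good for. Shrinking `required` to a subset is safe only for fields whose mismatch cannot change how the early data would be interpreted, which is exactly the per-parameter analysis the post says Ilari has asked for.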