On 22 June 2016 at 12:01, Watson Ladd <watsonbl...@gmail.com> wrote:

> Why isn't 0-RTT an extension in the Client Hello to deal with this?
You can't stream extensions, which unfortunately is required given how most software interacts with their TLS stack.

Let's be clear, the actual risk we're talking about is pretty much confined to screw-ups. The deployment screw-up where you left one server speaking TLS 1.2 somewhere before turning 0-RTT on; and TLS MitM, which calling a screw-up might be too positive a statement.

Of course, David is right that screw-ups like this are too common for us to do nothing about them.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
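To make the "you can't stream extensions" point concrete, here is an added example that is not part of the thread and not code from any TLS implementation. It encodes the ClientHello `extensions` vector and 0-RTT application-data records at the byte level, following the RFC 8446 wire layout (the extension type numbers are the final RFC 8446 assignments; the sample payloads are constructed). The extension list carries one length prefix for the whole block, so a receiver can act on nothing until the entire ClientHello has arrived, whereas early data travels in separate, self-delimiting records that can be emitted as the application produces bytes.

```python
import struct

# Added example (not from the thread): byte-level illustration of why a
# ClientHello extension block cannot be streamed while 0-RTT application
# data can. Extension type numbers are the RFC 8446 assignments; the
# sample payloads below are constructed for illustration.

SUPPORTED_VERSIONS = 43   # RFC 8446 extension types
EARLY_DATA = 42
CT_HANDSHAKE = 22         # TLS record content types
CT_APPLICATION_DATA = 23


def vector(body, length_bytes):
    """TLS variable-length vector: big-endian length prefix, then body."""
    return len(body).to_bytes(length_bytes, "big") + body


def encode_extensions(exts):
    """extensions<8..2^16-1>: one length prefix covers the whole list, so
    every extension body must be known before the first byte goes out."""
    items = b"".join(struct.pack("!H", t) + vector(d, 2) for t, d in exts)
    return vector(items, 2)


def parse_extensions(buf):
    """Return the list of (type, data) or None if the block is incomplete.
    A receiver cannot act on any extension until the full vector is present."""
    if len(buf) < 2:
        return None
    total = int.from_bytes(buf[:2], "big")
    if len(buf) < 2 + total:
        return None
    body, pos, out = buf[2:2 + total], 0, []
    while pos < len(body):
        if pos + 4 > len(body):
            raise ValueError("malformed extension header")
        t, n = struct.unpack("!HH", body[pos:pos + 4])
        if pos + 4 + n > len(body):
            raise ValueError("extension length exceeds block")
        out.append((t, body[pos + 4:pos + 4 + n]))
        pos += 4 + n
    return out


def record(content_type, fragment):
    """TLSPlaintext header: type(1) legacy_version(2) length(2), then fragment."""
    return bytes([content_type]) + b"\x03\x03" + vector(fragment, 2)


def early_data_records(chunks):
    """0-RTT application data is carried in separate application_data
    records after the ClientHello; each is self-delimiting, so the sender
    can emit them one at a time as the application produces bytes."""
    return [record(CT_APPLICATION_DATA, c) for c in chunks]


def parse_records(buf):
    """Consume complete records from a byte stream; return (records, rest).
    Unlike the extension block, a partial stream still yields every record
    that has fully arrived."""
    out, pos = [], 0
    while pos + 5 <= len(buf):
        ct = buf[pos]
        n = int.from_bytes(buf[pos + 3:pos + 5], "big")
        if pos + 5 + n > len(buf):
            break
        out.append((ct, buf[pos + 5:pos + 5 + n]))
        pos += 5 + n
    return out, buf[pos:]


if __name__ == "__main__":
    exts = encode_extensions([(SUPPORTED_VERSIONS, b"\x02\x03\x04"),
                              (EARLY_DATA, b"")])
    print("extensions block:", exts.hex())
    print("first 6 bytes parse as:", parse_extensions(exts[:6]))   # None
    stream = b"".join(early_data_records([b"GET / ", b"HTTP/1.1\r\n"]))
    print("partial stream yields:", parse_records(stream[:13])[0])
```

Running the script shows the asymmetry: a truncated extensions block parses to nothing at all, while a truncated record stream still yields the first complete application-data record. That is the structural reason application code that writes into the TLS stack incrementally needs early data as records rather than as a ClientHello extension.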