On Mon, Jul 04, 2016 at 01:56:01PM -0700, Eric Rescorla wrote:
>
> DTLS 1.3 should add an ACK, IMO.

Some quick napkin^Wtext editor sketch:

Handshake message type: acknowledge
- DTLS 1.3 only, not TLS 1.3.
- No retransmissions (transmitted once per trigger)
- Triggered if a complete flight is received with:
  * session_ticket message by client
  * certificate_request message by client and the client can't
    quickly produce the authentication block[1]
  * finished message by server.
- Contents:
  * Enumerated type:
    + SESSION_TICKET_RECEIVED
    + CERTIFICATE_REQUEST_IN_PROGRESS
    + CLIENT_FINISHED_RECEIVED
  * req_context: Certificate request context
    (CERTIFICATE_REQUEST_IN_PROGRESS only).

The certificate_request case could occur during the handshake, it then
would kill the server retransmit timer if received, having only the
client hold the retransmit (after it has finished assembling the
authentication block).

This design can probably be improved quite a bit.

[1] Including block that rejects the request.

-Ilari
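
The sketch above as a small Python model, added here as an illustration; it is not part of the message and not taken from any DTLS specification or implementation. The numeric enum values, the function and class names, and the rule that an acknowledge only stops the timer when its req_context matches an outstanding request are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

class AckType(Enum):  # names from the sketch; numeric values are assumed
    SESSION_TICKET_RECEIVED = 0
    CERTIFICATE_REQUEST_IN_PROGRESS = 1
    CLIENT_FINISHED_RECEIVED = 2

@dataclass(frozen=True)
class Ack:
    kind: AckType
    req_context: Optional[bytes] = None  # CERTIFICATE_REQUEST_IN_PROGRESS only

def ack_for_flight(role: str, flight: set, req_context: bytes = b"",
                   auth_block_ready: bool = True) -> Optional[Ack]:
    """Pick the acknowledge (if any) to send after a *complete* flight.
    It is transmitted once per trigger and never retransmitted."""
    if role == "client":
        # Client cannot quickly build the authentication block (which may
        # also be a block rejecting the request): tell the server to wait.
        if "certificate_request" in flight and not auth_block_ready:
            return Ack(AckType.CERTIFICATE_REQUEST_IN_PROGRESS, req_context)
        if "session_ticket" in flight:
            return Ack(AckType.SESSION_TICKET_RECEIVED)
    elif role == "server" and "finished" in flight:
        return Ack(AckType.CLIENT_FINISHED_RECEIVED)
    return None

@dataclass
class ServerRetransmitState:
    """Hypothetical server bookkeeping: request contexts whose
    certificate_request flight is still on the retransmit timer."""
    armed: set = field(default_factory=set)

    def send_certificate_request(self, req_context: bytes) -> None:
        self.armed.add(req_context)

    def on_ack(self, ack: Ack) -> bool:
        """Return True if this acknowledge stopped a retransmit timer.
        Assumption: the context must match an outstanding request, so a
        stale or stray acknowledge cannot silence a different request."""
        if ack.kind is not AckType.CERTIFICATE_REQUEST_IN_PROGRESS:
            return False
        if ack.req_context not in self.armed:
            return False
        self.armed.discard(ack.req_context)  # client now holds the retransmit
        return True
```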