Please see the following PR:
https://github.com/tlswg/tls13-spec/pull/673
This includes various changes to make exporters/resumption work better.
Basically:
1. Add a 0-RTT exporter and change the transcript for the regular exporter
so it
only includes the transcript up to ServerFinished. This gives it parity
with the
rest of the traffic keys. If we need an exporter with the full
transcript we can
always add it later
2. Point out that you can predict ClientFinished for NST when not doing
Client auth. This lets you issue tickets on the server's first flight,
while still
ensuring that if you do client auth you still bind resumption to the
client's
full transcript.
These are pretty straightforward changes, so absent objections I'll merge
them early next week.
-Ekr
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
