On Sat, Oct 8, 2016 at 10:06 AM, Ilari Liusvaara <ilariliusva...@welho.com> wrote:
> On Sat, Oct 08, 2016 at 09:22:40AM -0700, Eric Rescorla wrote:
> >
> > In the APIs people have been designing, 0-RTT can become 1-RTT but not the
> > other way around.
> > Specifically:
> >
> > - There is an option to allow 0-RTT writing
> > - With that option on, SSL_Write() succeeds in both 0-RTT and 1-RTT modes.
> > - There is a callback that tells you when you have gone from 0-RTT to 1-RTT.
>
> I really hope I misunderstood what you wrote...
>
> I understood it as: The TLS client library notifies the application
> that it has transitioned on its own, without instruction from client
> application from sending 0-RTT data to server to sending 1-RTT data
> to the server???

Approximately. It's a little more subtle than that b/c individual SSL_Write()
calls don't cross boundaries, so at any given time you can interrogate what
state you're in, but it's really not practical for the client app to tell the
stack what state to be in, because the stack responds to receiving the server's
Finished by sending end_of_early_data and then its own Finished, so it's not
like you can keep it on sending 0-RTT at that point, though of course if you
had two APIs, you could generate an error when the client tried to use the
wrong one.

Can you elaborate on your concern here?

-Ekr

> -Ilari
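The write-API behaviour discussed above, as an added example that is not part of the thread and is not code from any TLS library: a toy client stack whose single ssl_write() entry point succeeds in both 0-RTT and 1-RTT, never lets one call straddle the boundary, can be asked for its current mode at any time, and moves itself to 1-RTT when the server's Finished arrives (sending end_of_early_data and its own Finished, then firing a transition callback). It also includes the "two APIs" alternative, a mode-specific ssl_write_early() that errors once the stack has moved on. All class, method and message names are assumptions made for the model.

```python
"""Toy model of a TLS 1.3 client write side around the 0-RTT -> 1-RTT transition.

Constructed example: not the API of any real TLS library. Names are assumed.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List, Optional, Tuple


class Mode(Enum):
    EARLY = "0-RTT"    # before the server's Finished has been received
    ONE_RTT = "1-RTT"  # after the client has sent its own Finished


@dataclass
class Record:
    kind: str        # "app_data", "end_of_early_data" or "finished"
    mode: Mode       # application-visible mode in force when the record went out
    payload: bytes = b""


class WrongModeError(RuntimeError):
    """Raised by the mode-specific entry point when used in the other mode."""


class ClientStack:
    """Client stack: the application cannot push it back to 0-RTT, only observe."""

    def __init__(self, allow_early_data: bool,
                 on_transition: Optional[Callable[[Mode, Mode], None]] = None) -> None:
        self.allow_early_data = allow_early_data   # the "option to allow 0-RTT writing"
        self.on_transition = on_transition         # callback: went from 0-RTT to 1-RTT
        self.mode = Mode.EARLY
        self.wire: List[Record] = []               # everything sent, tagged with its mode

    def current_mode(self) -> Mode:
        """The application may interrogate the state at any time."""
        return self.mode

    def ssl_write(self, payload: bytes) -> int:
        """Single entry point: succeeds in 0-RTT (if enabled) and in 1-RTT.

        One call never crosses the boundary: the whole payload is tagged with
        the mode in force when the call is made. Returns 0 (would block) when
        0-RTT writing is disabled and the handshake has not completed.
        """
        if self.mode is Mode.EARLY and not self.allow_early_data:
            return 0
        self.wire.append(Record("app_data", self.mode, payload))
        return len(payload)

    def ssl_write_early(self, payload: bytes) -> int:
        """The 'two APIs' alternative: a 0-RTT-only write that errors after the move."""
        if self.mode is not Mode.EARLY:
            raise WrongModeError("0-RTT write attempted after the move to 1-RTT")
        return self.ssl_write(payload)

    def receive_server_finished(self) -> None:
        """The stack reacts on its own: end_of_early_data, its Finished, then 1-RTT."""
        if self.mode is Mode.ONE_RTT:
            raise RuntimeError("already in 1-RTT; there is no way back to 0-RTT")
        if self.allow_early_data:
            self.wire.append(Record("end_of_early_data", Mode.EARLY))
        self.wire.append(Record("finished", Mode.EARLY))
        old, self.mode = self.mode, Mode.ONE_RTT
        if self.on_transition is not None:
            self.on_transition(old, self.mode)

    def bytes_sent_in(self, mode: Mode) -> bytes:
        """What the application actually sent in a given mode (per-record tagging)."""
        return b"".join(r.payload for r in self.wire
                        if r.kind == "app_data" and r.mode is mode)


def run_demo() -> Tuple[ClientStack, List[Tuple[Mode, Mode]], bool]:
    """Drive one connection through the transition; returns what a test can check."""
    transitions: List[Tuple[Mode, Mode]] = []
    stack = ClientStack(allow_early_data=True,
                        on_transition=lambda old, new: transitions.append((old, new)))
    stack.ssl_write(b"early-request")    # constructed payload, goes out as 0-RTT
    stack.receive_server_finished()      # stack moves itself to 1-RTT
    stack.ssl_write(b"later-request")    # same call, now tagged 1-RTT
    try:
        stack.ssl_write_early(b"too-late")
        rejected = False
    except WrongModeError:
        rejected = True
    return stack, transitions, rejected


if __name__ == "__main__":
    demo_stack, demo_transitions, demo_rejected = run_demo()
    for rec in demo_stack.wire:
        print(f"{rec.kind:18} {rec.mode.value:6} {rec.payload!r}")
    print("transitions:", [(o.value, n.value) for o, n in demo_transitions])
    print("late 0-RTT write rejected:", demo_rejected)
```

Running it prints the wire in order (0-RTT app data, end_of_early_data, Finished, 1-RTT app data), one transition event, and the rejection of the late 0-RTT write. The per-record mode tag is what lets the application answer "which of my bytes went out as 0-RTT" after the fact, which the single-entry-point API by itself does not tell it.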
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls