Section 4.2.2 'Cookie' does not seem quite prescriptive enough for an MTI extension. It is unclear if the original client hello is supposed to be part of the Handshake Transcript. (It is in the "Incorrect DHE Share" section, but remains unspecified here.) I'm willing to propose some text (either here or in a pull request); I just didn't know which way to go as far as the transcript and context. It would also benefit from an example of what to put in the cookie, similar to RFC 6347, e.g. Cookie = HMAC(Secret, Client-IP, Handshake Transcript).
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
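Added example, not part of the original message or of the draft: one way a stateless server could build and check a cookie of the form HMAC(Secret, Client-IP, Handshake Transcript). Assumptions: the transcript input is a SHA-256 hash of the first ClientHello, the cookie carries that hash next to the MAC tag so the server keeps no per-client state, and the names `CookieIssuer` and `cookie_mac` are hypothetical.

```python
import hashlib
import hmac
import ipaddress
import os

TAG_LEN = HASH_LEN = 32  # SHA-256 output size


def cookie_mac(secret: bytes, client_ip: str, transcript_hash: bytes) -> bytes:
    """HMAC(Secret, Client-IP, Handshake Transcript) with unambiguous framing."""
    ip = ipaddress.ip_address(client_ip).packed  # canonical 4 or 16 bytes
    # Length-prefix each field so the IP/transcript boundary cannot be shifted.
    msg = bytes([len(ip)]) + ip + bytes([len(transcript_hash)]) + transcript_hash
    return hmac.new(secret, msg, hashlib.sha256).digest()


class CookieIssuer:
    """Stateless cookie generation with one-step secret rotation."""

    def __init__(self, secret=None):
        self.current = secret or os.urandom(32)
        self.previous = None  # still accepted until the next rotation

    def rotate(self, new_secret=None):
        self.previous, self.current = self.current, new_secret or os.urandom(32)

    def issue(self, client_ip: str, first_client_hello: bytes) -> bytes:
        # Assumption: the transcript is represented by a hash of ClientHello1.
        th = hashlib.sha256(first_client_hello).digest()
        return th + cookie_mac(self.current, client_ip, th)

    def verify(self, client_ip: str, cookie: bytes):
        """Return the authenticated transcript hash, or None if invalid."""
        if len(cookie) != HASH_LEN + TAG_LEN:
            return None
        th, tag = cookie[:HASH_LEN], cookie[HASH_LEN:]
        for secret in (self.current, self.previous):
            if secret is None:
                continue
            # Constant-time comparison avoids leaking tag bytes via timing.
            if hmac.compare_digest(cookie_mac(secret, client_ip, th), tag):
                return th
        return None
```

Binding the client address means a cookie replayed from a different source address fails verification, and keeping the previous secret lets cookies issued just before a rotation still validate once.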