On Sun, Dec 18, 2016 at 09:18:41PM +0000, Mehner, Carl wrote:
> It would also benefit from an example of what to put in the cookie,
> similar to RFC 6347. e.g. Cookie = HMAC(Secret, Client-IP, Handshake
> Transcript).

Well, most of the time, you don't want to use the cookie field in TLS 1.3, as it is mostly meant for (future) DTLS 1.3.

There are some exceptions, but those mostly involve protocols running on top of UDP using TLS 1.3 as an internal component. And then that protocol should specify what goes into the cookie.

And in DTLS 1.3, one presumably wants to include transcript state (good luck finding a SHA-256 implementation that is featureful enough...) either as MAC'd plaintext or as an encrypted value in the cookie.

-Ilari
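
An added example, not part of the thread or of any TLS/DTLS draft: one way to build the "MAC'd plaintext" form of the cookie discussed above, so the server keeps no per-client state. The function names, the cookie layout, the 30-second lifetime, and the use of a SHA-256 digest of the first ClientHello as the "transcript state" are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MAC_LEN = 32     # HMAC-SHA256 output length
DIGEST_LEN = 32  # SHA-256 digest standing in for the transcript state (assumption)
LIFETIME = 30    # seconds a cookie stays valid (constructed value)


def _mac_input(client_ip: str, state: bytes) -> bytes:
    # Length-prefix the address so different (ip, state) pairs cannot collide.
    ip = client_ip.encode()
    return struct.pack("!H", len(ip)) + ip + state


def make_cookie(secret: bytes, client_ip: str, client_hello: bytes, now: int) -> bytes:
    """Return issue time || transcript digest || MAC (hypothetical layout)."""
    state = struct.pack("!Q", now) + hashlib.sha256(client_hello).digest()
    tag = hmac.new(secret, _mac_input(client_ip, state), hashlib.sha256).digest()
    return state + tag


def check_cookie(secret: bytes, client_ip: str, cookie: bytes, now: int):
    """Return the authenticated transcript digest, or None if the cookie is bad."""
    if len(cookie) != 8 + DIGEST_LEN + MAC_LEN:
        return None
    state, tag = cookie[:-MAC_LEN], cookie[-MAC_LEN:]
    expected = hmac.new(secret, _mac_input(client_ip, state), hashlib.sha256).digest()
    # Verify the MAC (constant time) before trusting any field inside the cookie.
    if not hmac.compare_digest(tag, expected):
        return None
    (issued,) = struct.unpack("!Q", state[:8])
    if not 0 <= now - issued <= LIFETIME:
        return None  # expired, or issued in the future
    return state[8:]


if __name__ == "__main__":
    secret = b"\x01" * 32                      # constructed key
    hello = b"constructed ClientHello bytes"   # constructed sample input
    cookie = make_cookie(secret, "192.0.2.10", hello, now=1000)
    print(check_cookie(secret, "192.0.2.10", cookie, now=1010) is not None)
    print(check_cookie(secret, "192.0.2.99", cookie, now=1010))  # wrong address
```

Binding the client address and an issue time into the MAC is what limits a captured cookie to one source and a short window; the server recovers the transcript digest from the cookie itself instead of from memory.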