On Wed, Apr 05, 2017 at 11:03:25AM +0200, Karthikeyan Bhargavan wrote:
> What I am less confident about is the secure usage of features like
> 0-RTT, 0.5 RTT, and post-handshake authentication.

Two of those (0-RTT and post-handshake authentication) are among the
things that scare me. 0.5-RTT less so, because unless you abuse 0-RTT,
0.5-RTT is to an _unidentified_ peer, which should limit the abuse
potential quite a bit.

Well, the protocol where PHA would have been a major problem (HTTP/2)
moved away from it, to exported authenticators...

-Ilari