FWIW, I agree with Colm about STEK’s being TLS 1.3’s weakest point, for the reasons he lists. The security properties are very different from the full-handshake TLS 1.3, and that is why OpenSSL treats “early data” as a completely separate thing from the “normal stream.”
--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls