On 4 May 2017 at 12:29, Salz, Rich <rs...@akamai.com> wrote:
>  That's kind of inflammatory.  Apology accepted :)

Yep, a bit stronger than ideal, sorry.

>  I don't want to make things hard.  I want to make them clear and merging
>  two sets of data with different security properties does not seem like it's
>  helpful.

A clear delineation of security properties exists: if the handshake is
done, then you are in the clear.  Otherwise, beware.  The separation
of the streams doesn't help if you consider the possibility that 0-RTT
data can be retroactively blessed.

I agree that it's complicated and we'll need to learn more.  I fully
appreciate that you want to be conservative in how to implement this
feature.  As a predominantly client stack with far fewer consumers, I
guess we are taking a few more liberties.  Are we not both entitled to
our own approaches in this regard?

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
