On Thu, May 04, 2017 at 05:18:32PM -0700, Watson Ladd wrote:
> On Thu, May 4, 2017 at 4:58 PM, Nico Williams <n...@cryptonector.com> wrote:
> > On Thu, May 04, 2017 at 04:35:10PM -0700, Watson Ladd wrote:
> >> 0-RTT is opt-in per protocol, and what we think of per application.
> >
> > Yes.
> >
> >> But it isn't opt-in for web application developers. Once browsers and
> >> servers start shipping, 0-RTT will turn on by accident or deliberately
> >> at various places in the stack.
> >
> > It should be up to servers whether a request is allowed with 0-rtt.
>
> Which server? It's possible that the backhauls from the server the
> TLS connection is made to to the server actually responding to the
> request do not distinguish 0-RTT from other data. Opportunity for
> administrative bloopers is immense: even if the responding server
> rejects 0-RTT, the server proxying requests won't necessarily know
> that inline as it is reusing the connection.
The one that terminates TLS.  If that's a reverse proxy, then it has to
know or not allow 0-rtt.  That means that by default reverse proxies
can't accept 0-rtt, and they have to know a lot about the application in
order to accept it (or else let the server know that 0-rtt was used and
let the server give the client an appropriate error if that's not
acceptable).

Nico

--
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
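One way to build the second option Nico describes (the TLS terminator tells the server that 0-RTT was used, and the server returns an appropriate error when that is not acceptable), as an added Go example that is not from this thread or from any project: the reverse proxy tags requests that arrived as early data with the Early-Data: 1 header, and the backend answers 425 Too Early for requests it will not serve from replayable data. Both the header and the status code come from RFC 8470, which postdates this thread. The names markEarlyData, rejectEarlyData, allowedInEarlyData, Simulate and the wasEarlyData hook are assumptions made for illustration; the hook stands in for the terminator's real TLS connection state, and the backend is a constructed httptest server rather than a real origin.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// markEarlyData wraps the TLS-terminating reverse proxy's handler. wasEarlyData
// is a hypothetical hook standing in for the terminator's own knowledge of
// whether the request bytes arrived as 0-RTT early data (a real server would
// consult its TLS connection state). Such requests are tagged with the
// Early-Data: 1 header (RFC 8470) before being forwarded, so the backend can
// tell them apart from requests that arrived after the handshake completed.
func markEarlyData(next http.Handler, wasEarlyData func(*http.Request) bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Never trust a client-supplied Early-Data header: only the terminator
		// knows which bytes were replayable, so it overwrites whatever arrived.
		r.Header.Del("Early-Data")
		if wasEarlyData(r) {
			r.Header.Set("Early-Data", "1")
		}
		next.ServeHTTP(w, r)
	})
}

// allowedInEarlyData is the backend's own policy, which is where the
// application knowledge lives: only safe methods are served from replayable
// early data; anything that changes state must wait for the full handshake.
func allowedInEarlyData(r *http.Request) bool {
	switch r.Method {
	case http.MethodGet, http.MethodHead, http.MethodOptions:
		return true
	}
	return false
}

// rejectEarlyData is backend middleware. A request tagged Early-Data: 1 that
// the policy does not allow is answered with 425 Too Early (RFC 8470), which
// asks the client to resend it once the handshake has completed.
func rejectEarlyData(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Early-Data") == "1" && !allowedInEarlyData(r) {
			http.Error(w, "not accepted in 0-RTT; retry after handshake", http.StatusTooEarly)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Simulate sends one request through proxy and backend and returns the status
// the client sees. The backend is a constructed httptest server, and the
// request carries a forged client-side Early-Data header to show it is ignored.
func Simulate(method string, early bool) int {
	origin := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	})
	backend := httptest.NewServer(rejectEarlyData(origin))
	defer backend.Close()

	target, err := url.Parse(backend.URL)
	if err != nil {
		panic(err)
	}
	proxy := markEarlyData(httputil.NewSingleHostReverseProxy(target),
		func(*http.Request) bool { return early })

	req := httptest.NewRequest(method, "http://app.example/transfer", nil)
	req.Header.Set("Early-Data", "1") // client-supplied; must not be trusted
	rec := httptest.NewRecorder()
	proxy.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("GET in 0-RTT:", Simulate(http.MethodGet, true))           // 200
	fmt.Println("POST in 0-RTT:", Simulate(http.MethodPost, true))         // 425
	fmt.Println("POST after handshake:", Simulate(http.MethodPost, false)) // 200
}
```

The split of responsibilities matches the point in the reply: the terminator is the only component that can know which bytes were replayable, so it records that fact and nothing else, while the decision about which requests tolerate replay stays with the server that understands the application.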