On 05/04/2017 11:52 PM, Nico Williams wrote:
> On Thu, May 04, 2017 at 11:11:29PM -0500, Benjamin Kaduk wrote:
>> 5/04/2017 10:36 PM, Nico Williams wrote:
>>> On Thu, May 04, 2017 at 05:18:32PM -0700, Watson Ladd wrote:
>>>> Which server?  It's possible that the backhauls from the server the
>>>> TLS connection is made to to the server actually responding to the
>>>> request do not distinguish 0-RTT from other data. Opportunity for
>>>> administrative bloopers is immense: even if the responding server
>>>> rejects 0-RTT, the server proxying requests won't necessarily know
>>>> that inline as it is reusing the connection.
>>> The one that terminates TLS.  If that's a reverse proxy, then it has to
>>> know or not allow 0-rtt.  That means that by default reverse proxies
>>> can't accept 0-rtt, and they have to know a lot about the application in
>>> order to accept it (or else let the server know that 0-rtt was used and
>>> let the server give the client an appropriate error if that's not
>>> acceptable).
>> I'm very skeptical that this position would survive into real-world
>> deployments.
> Which part?

No matter what we say here, there will be reverse proxies deployed on
the internet in the next 5 years that blindly accept 0-RTT knowing
nothing about the application and not letting the server know that 0-RTT
was used.

-Ben
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
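Nico's second option above (the TLS terminator tells the origin that 0-RTT was used, and the origin decides whether to error) is what HTTP later standardized in RFC 8470 as the `Early-Data: 1` request header and the `425 Too Early` status. The following is an added example, not code from the thread or from any IETF document: a backend-side WSGI guard that assumes the reverse proxy sets that header, and refuses replayable (non-safe) requests received in early data. The header name, the `425` reply text and the `replay_safe_paths` allow-list are assumptions of this example.

```python
"""Backend guard for TLS 1.3 0-RTT requests forwarded by a reverse proxy.

Assumes the TLS terminator marks each early-data request with the header
"Early-Data: 1" (the signalling later standardized in RFC 8470) and that
the backend answers 425 Too Early when it cannot tolerate a replay.
"""

# Methods whose replay has no side effects (the "safe" methods of RFC 7231).
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})


def is_early_data(environ):
    """True when the proxy flagged this request as sent in 0-RTT early data."""
    return environ.get("HTTP_EARLY_DATA", "").strip() == "1"


def early_data_decision(method, path, early_data, replay_safe_paths=frozenset()):
    """Return "allow" or "too_early" for one request.

    replay_safe_paths is a constructed allow-list of endpoints the application
    has made idempotent itself (e.g. via client-supplied request IDs).
    """
    if not early_data or method in SAFE_METHODS or path in replay_safe_paths:
        return "allow"
    return "too_early"  # replaying this request could repeat a side effect


class EarlyDataGuard:
    """WSGI middleware: rejects replayable 0-RTT requests before the app runs."""

    def __init__(self, app, replay_safe_paths=frozenset()):
        self.app = app
        self.replay_safe_paths = replay_safe_paths

    def __call__(self, environ, start_response):
        verdict = early_data_decision(environ.get("REQUEST_METHOD", "GET"),
                                      environ.get("PATH_INFO", "/"),
                                      is_early_data(environ),
                                      self.replay_safe_paths)
        if verdict == "too_early":
            # 425 tells the client to resend once the handshake has completed.
            body = b"sent as 0-RTT early data; retry after the handshake completes\n"
            start_response("425 Too Early", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)
```

A proxy that does not set the header at all makes every request look like 1-RTT data to this guard, which is exactly the blind-forwarding failure mode Ben expects in practice; the guard only helps once the terminator signals.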