On 06/01/2017 03:50 PM, Victor Vasiliev wrote:
>
> To clarify, I am not suggesting that two streams would help. I completely
> agree with you that two streams is not going to mitigate the DKG attack or
> others. What I meant is that 0-RTT inherently has slightly different
> properties from 1-RTT and must be used with that in mind. Specifically, I
> meant that it will not be enabled for applications by default, and HTTP clients
> would only allow it for methods that RFC 7231 defines as safe.
>
>
> Well in the real world, I think it'll be pervasive, and I even
> think it /should/ be. We should make 0-RTT that safe and remove
> the sharp edges.
>
>
> Are you arguing that non-safe requests should be allowed to be sent
> via 0-RTT?
> Because that actually violates reasonable expectations of security
> guarantees
> for TLS, and I do not believe that is acceptable.
>
Do we have a good example of why a non-safe HTTP request in 0-RTT would lose specific properties required for security? If so, that seems like a good thing to include in the TLS 1.3 spec as an example of what can go wrong.

-Ben
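Added illustration, not part of the thread: a constructed simulation of the replay problem the thread is circling around. 0-RTT early data can be replayed by anyone who captured it, so a non-safe method (here a POST with a side effect) executes twice, while gating early data to the RFC 7231 safe methods and asking the client to retry after the handshake (HTTP 425, RFC 8470) keeps the side effect to one execution. The server, endpoints and balance values are all made up for the example; no real TLS is involved.

```python
# Constructed example: an in-memory "server" with one state-changing endpoint,
# a client sending its request as 0-RTT early data, and a replayer resending
# the captured early-data record. Nothing here talks to a real TLS stack.

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}  # RFC 7231, section 4.2.1


class Server:
    """Minimal application server; gate_early_data is the policy under discussion."""

    def __init__(self, gate_early_data: bool):
        self.balance = 100
        self.gate_early_data = gate_early_data

    def handle(self, method: str, path: str, early_data: bool) -> int:
        # A server that gates early data refuses non-safe methods in 0-RTT and
        # asks the client to resend once the handshake has completed (425 Too Early).
        if early_data and self.gate_early_data and method not in SAFE_METHODS:
            return 425
        if method == "POST" and path == "/withdraw":
            self.balance -= 30  # side effect: replaying this request is not harmless
            return 200
        if method == "GET" and path == "/balance":
            return 200  # safe method: replaying it changes nothing
        return 404


def run_scenario(method: str, path: str, gate_early_data: bool) -> tuple:
    """Client sends one request as 0-RTT; the captured early data is replayed
    once. Returns (final balance, status the legitimate client ended up with)."""
    server = Server(gate_early_data)
    status = server.handle(method, path, early_data=True)
    if status == 425:
        # The legitimate client retries the same request in 1-RTT (post-handshake).
        status = server.handle(method, path, early_data=False)
    # Replayed early-data record: a replayer can resend it but cannot complete
    # the handshake, so it only ever arrives as early data.
    server.handle(method, path, early_data=True)
    return server.balance, status


if __name__ == "__main__":
    print(run_scenario("POST", "/withdraw", gate_early_data=False))  # (40, 200)
    print(run_scenario("POST", "/withdraw", gate_early_data=True))   # (70, 200)
    print(run_scenario("GET", "/balance", gate_early_data=False))    # (100, 200)
```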
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls