On 13.6.2017 22:55, Ilari Liusvaara wrote:
> On Tue, Jun 13, 2017 at 06:57:05PM +0000, Andrei Popov wrote:
>> Regarding RFC language, I think we could be more specific:
>>
>> 1. A TLS implementation SHOULD/MUST only send 0-RTT application data if the 
>> application has explicitly opted in;
>>
>> 2. A TLS implementation SHOULD/MUST only accept 0-RTT application data if 
>> the application has explicitly opted in;
>>
>> 3. When delivering 0-RTT application data to the application, a TLS 
>> implementation SHOULD/MUST provide a way for the application to distinguish 
>> it from the rest of the application data.
> 
> First of these has to be MUST, or you get problems like I outlined
> earlier.
> 
> And to implement checking for client only sending "safe" data, you need
> the second and third.

I support MUST for the three points above.

-- 
Petr Špaček  @  CZ.NIC

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
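
The three points discussed in this thread, as an added example that is not part of the original messages and not any TLS library's API: a toy endpoint where sending and accepting 0-RTT data are both off until the application opts in, and delivered data carries an early/not-early label that the application uses to refuse non-"safe" requests. The class, its fields, the SAFE_METHODS set and the sample requests are all constructed for illustration; the 425 (Too Early) status is the one defined in RFC 8470.

```python
from dataclasses import dataclass

# Assumption: this application treats only these HTTP methods as "safe" to replay.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


class EarlyDataNotEnabled(Exception):
    """Raised when the application tries to use 0-RTT without opting in."""


@dataclass
class ToyTLSEndpoint:
    """Hypothetical model of a TLS stack's application-facing surface."""
    allow_send_early: bool = False    # point 1: sending is off by default
    allow_accept_early: bool = False  # point 2: accepting is off by default

    def send_early(self, data: bytes) -> bytes:
        # Point 1: never put application data in the first flight implicitly.
        if not self.allow_send_early:
            raise EarlyDataNotEnabled("no opt-in for sending 0-RTT data")
        return data

    def deliver(self, data: bytes, arrived_in_0rtt: bool):
        # Point 2: without opt-in, early data is not passed up at all
        # (the client has to resend it after the handshake completes).
        if arrived_in_0rtt and not self.allow_accept_early:
            return None
        # Point 3: hand the application the data together with its label.
        return data, arrived_in_0rtt


def handle_request(delivered) -> str:
    """Application-side check that early data only carries 'safe' requests."""
    if delivered is None:
        return "early data not accepted"
    data, is_early = delivered
    method = data.split(b" ", 1)[0].decode("ascii", "replace")
    if is_early and method not in SAFE_METHODS:
        return "425 Too Early"  # ask the client to retry after the handshake
    return "200 OK"


if __name__ == "__main__":
    server = ToyTLSEndpoint(allow_accept_early=True)
    for req, early in [(b"GET /status HTTP/1.1", True),     # constructed samples
                       (b"POST /transfer HTTP/1.1", True),
                       (b"POST /transfer HTTP/1.1", False)]:
        print(req.decode(), "early" if early else "1-RTT",
              "->", handle_request(server.deliver(req, early)))
```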
