On 5 July 2017 at 20:35, Eric Rescorla <e...@rtfm.com> wrote: > Yes, that might not be a terrible idea. I'd also be open to replacing > the hashes of 0 with an n-byte length 0 string. It's a tiny paper > cut (and a wire format change), but would make things slightly simpler .
I think that would be best. With the change to the transcript hash, the context would then be: 1. a transcript hash (size = hash function output) 2. 0 (size = 0) 3. ticket nonce (size = 1..255) Out of interest, why not permit 0 length ticket nonces for those of us that don't issue multiple tickets? I think that we should take the hit and make the change. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
