On Thu, Aug 31, 2017 at 09:50:07AM +1000, Martin Thomson wrote:
> On 30 August 2017 at 22:57, Ilari Liusvaara <ilariliusva...@welho.com> wrote:
> > However, I identified a new category of extensions that I didn't notice
> > before: Dependent on altered extensions. There are no such standardized
> > extensions, but there is at least one proposal (in WG draft stage).
>
> Is it possible that you could help us by sharing which one?
early_token_binding from draft-ietf-tokbind-tls13-0rtt.

However, it looks like in this case the server advertises support for this in an NST extension, so at least it doesn't get thrown to random servers.

Thinking about this more, it seems that any field or extension that could be different across retry falls into one of three categories:

1) Something related to 0-RTT.
2) Something "feral": These things basically do not play by the normal rules[1].
3) Something that does not actually negotiate state[2].

Altering anything else will probably provoke Undefined Behavior due to unknown state commitments.

[1] E.g., anything that goes into HelloRetryRequest or ServerHello, and supported_versions.
[2] E.g. (Random), Padding.

-Ilari
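As an added illustration (not code from the thread or from any TLS implementation), the following Python script turns the three categories above into a server-side consistency check: it diffs a simplified first and second ClientHello around a HelloRetryRequest and rejects the retry if any field outside those categories moved. The assignment of concrete extension names to the categories (early_data and pre_shared_key as 0-RTT, key_share/cookie/supported_versions as "feral", random and padding as state-free) is this example's reading of the message, and the hello structures and byte values are constructed placeholders, not wire-format TLS.

```python
from typing import Dict, List, Tuple

# Assumption: which extensions belong to each of the three categories in the
# message is this example's reading; the names themselves are TLS 1.3 extensions.
ZERO_RTT = {"early_data", "pre_shared_key"}            # 1) tied to 0-RTT
FERAL = {"key_share", "cookie", "supported_versions"}   # 2) carried in HRR/ServerHello
STATELESS = {"random", "padding"}                       # 3) negotiate no state


def hello_fields(hello: Dict) -> Dict[str, bytes]:
    """Flatten a (simplified) ClientHello into name -> value, including 'random'."""
    fields = {"random": hello["random"]}
    fields.update(hello["extensions"])
    return fields


def classify(name: str) -> str:
    """Map a field name to one of the message's categories, else 'state-committing'."""
    if name in ZERO_RTT:
        return "0-RTT"
    if name in FERAL:
        return "feral"
    if name in STATELESS:
        return "stateless"
    return "state-committing"


def diff_hellos(ch1: Dict, ch2: Dict) -> List[Tuple[str, str, str]]:
    """List (field, added|removed|changed, category) for every field that differs."""
    f1, f2 = hello_fields(ch1), hello_fields(ch2)
    changes = []
    for name in sorted(set(f1) | set(f2)):
        if name not in f1:
            kind = "added"
        elif name not in f2:
            kind = "removed"
        elif f1[name] != f2[name]:
            kind = "changed"
        else:
            continue
        changes.append((name, kind, classify(name)))
    return changes


def check_retry(ch1: Dict, ch2: Dict) -> Tuple[bool, List[Tuple[str, str, str]]]:
    """Accept the retried hello only if no state-committing field moved."""
    violations = [c for c in diff_hellos(ch1, ch2) if c[2] == "state-committing"]
    return (not violations, violations)


# Constructed sample hellos (values are placeholders, not real wire bytes).
CH1 = {
    "random": b"\x01" * 32,
    "extensions": {
        "supported_versions": b"\x03\x04",
        "key_share": b"group-x25519",
        "signature_algorithms": b"ed25519",
        "early_data": b"",
        "pre_shared_key": b"ticket+binder-1",
        "padding": b"\x00" * 8,
    },
}
# Legitimate retry: fresh random, new key_share, cookie echoed, 0-RTT dropped,
# binder recomputed, padding resized. Nothing state-committing changed.
CH2 = {
    "random": b"\x02" * 32,
    "extensions": {
        "supported_versions": b"\x03\x04",
        "key_share": b"group-p256",
        "cookie": b"server-cookie",
        "signature_algorithms": b"ed25519",
        "pre_shared_key": b"ticket+binder-2",
        "padding": b"\x00" * 4,
    },
}
# Bad retry: identical to CH2 except signature_algorithms was silently changed.
CH3 = {
    "random": CH2["random"],
    "extensions": dict(CH2["extensions"], signature_algorithms=b"rsa_pss_rsae_sha256"),
}

if __name__ == "__main__":
    for label, ch in (("CH2", CH2), ("CH3", CH3)):
        ok, bad = check_retry(CH1, ch)
        print(label, "accepted" if ok else f"rejected: {bad}")
```

Run as-is, the script accepts CH2 and rejects CH3 because signature_algorithms is neither 0-RTT-related, HRR-carried, nor state-free, so a change there leaves the server unsure which commitments from the first hello still hold. A real implementation would also have to decide what to do with the first category (recompute binders, drop early_data) rather than merely tolerate it.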