Section 4.2.10 requires a server receiving early data to behave in ways including (p53):
* Ignore the extension and return a regular 1-RTT response. The server then skips past early data by attempting to deprotect received records using the handshake traffic key, discarding records which fail deprotection...

* Request that the client send another ClientHello by responding with a HelloRetryRequest... The server then ignores early data by skipping all records with an external content type of "application_data"...

What are the use cases for each behaviour? And why does the former rely on deprotecting, when checking record content types is surely more efficient?

(I'm extending my TLS 1.3 tutorial -- https://bensmyth.com/publications/2019-TLS-tutorial/ -- to include discussion of early data and I'm struggling to understand the rationale behind these two behaviours.)

Best regards,

Ben
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
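Added illustration, not part of Ben's message or of any TLS implementation: a constructed toy model of the two early-data skipping behaviours quoted above. In the first behaviour the server has already sent a 1-RTT ServerHello, so the client's remaining handshake messages (notably its Finished) are protected under the handshake traffic key and, like the rejected early data, carry the outer content type application_data; a content-type filter alone therefore cannot tell them apart, which is what the trial deprotection is for. After a HelloRetryRequest the client's second ClientHello is plaintext with outer type handshake, so the server can discard application_data records until it sees one. The model replaces AEAD with a keyed HMAC tag, uses constructed keys and messages, and applies a constructed byte limit to the skipped ciphertext as a conservative stand-in for a ticket's max_early_data_size bound (that limit handling is an assumption of the model, not quoted from the spec).

```python
import hmac
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

# TLS 1.3 outer record content types (RFC 8446, section 5.1).
HANDSHAKE = 22
APPLICATION_DATA = 23

# Constructed keys. Real TLS derives early and handshake traffic keys via HKDF.
EARLY_KEY = b"constructed-early-traffic-key"
HANDSHAKE_KEY = b"constructed-handshake-traffic-key"
TAG_LEN = 32


@dataclass
class Record:
    outer_type: int  # content type visible on the wire
    body: bytes      # plaintext || tag for protected records, plaintext otherwise


def protect(key: bytes, plaintext: bytes) -> Record:
    """Toy record protection (stand-in for AEAD): tag binds the body to a key."""
    tag = hmac.new(key, plaintext, hashlib.sha256).digest()
    return Record(APPLICATION_DATA, plaintext + tag)


def deprotect(key: bytes, rec: Record) -> Optional[bytes]:
    """Return the inner plaintext if the tag verifies under `key`, else None."""
    if len(rec.body) < TAG_LEN:
        return None
    body, tag = rec.body[:-TAG_LEN], rec.body[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return body if hmac.compare_digest(tag, expected) else None


class EarlyDataLimitExceeded(Exception):
    """Raised when more skipped ciphertext arrives than the model allows."""


def skip_by_trial_decryption(records: List[Record], limit: int) -> Tuple[Optional[bytes], int]:
    """Behaviour 1: server ignored early_data and sent a 1-RTT flight. It tries the
    handshake traffic key on each record; a record that fails deprotection is
    taken to be rejected early data and discarded. Returns (first plaintext
    that deprotects, bytes skipped)."""
    skipped = 0
    for rec in records:
        plaintext = deprotect(HANDSHAKE_KEY, rec)
        if plaintext is not None:
            return plaintext, skipped
        skipped += len(rec.body)
        if skipped > limit:  # constructed bound, see lead-in
            raise EarlyDataLimitExceeded(skipped)
    return None, skipped


def skip_by_content_type(records: List[Record], limit: int) -> Tuple[Optional[bytes], int]:
    """Behaviour 2: server answered with HelloRetryRequest. It discards every record
    whose outer type is application_data until a plaintext handshake record (the
    second ClientHello) arrives. Returns (that record's body, bytes skipped)."""
    skipped = 0
    for rec in records:
        if rec.outer_type != APPLICATION_DATA:
            return rec.body, skipped
        skipped += len(rec.body)
        if skipped > limit:  # constructed bound, see lead-in
            raise EarlyDataLimitExceeded(skipped)
    return None, skipped


def scenario_no_hrr() -> List[Record]:
    """Constructed client flight after a 1-RTT ServerHello: two early-data records
    under the early key, then the client Finished under the handshake key. All
    three have outer type application_data."""
    return [
        protect(EARLY_KEY, b"GET /early HTTP/1.1"),
        protect(EARLY_KEY, b"EndOfEarlyData"),
        protect(HANDSHAKE_KEY, b"client Finished"),
    ]


def scenario_hrr() -> List[Record]:
    """Constructed client flight after a HelloRetryRequest: in-flight early data,
    then the second ClientHello in the clear with outer type handshake."""
    return [
        protect(EARLY_KEY, b"GET /early HTTP/1.1"),
        Record(HANDSHAKE, b"ClientHello#2"),
    ]


if __name__ == "__main__":
    print(skip_by_trial_decryption(scenario_no_hrr(), 16384))  # finds the Finished
    print(skip_by_content_type(scenario_no_hrr(), 16384))      # drops the Finished too
    print(skip_by_content_type(scenario_hrr(), 16384))         # finds ClientHello#2
```

Running the two strategies over the first scenario is the instructive part: trial deprotection stops at the Finished, whereas the content-type filter discards it along with the early data, leaving the server with nothing. In the HelloRetryRequest scenario the content-type filter stops at the plaintext ClientHello without any decryption attempt.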