Hi,

Two short comments/questions on 0-RTT in DTLS 1.3, apologies if I missed 
something in the specs:

1) In DTLS 1.3, it would seem common for the server to send an HRR for the sake 
of return routability checking. TLS 1.3 forbids the use of 0-RTT after an HRR. 
So, 0-RTT can't be used in DTLS 1.3 if the server requires return routability 
checking -- is this understanding correct? Should this be stated more 
explicitly?

2) Not allowing 0-RTT after an HRR, or rather not allowing 0-RTT twice, seems 
important for DTLS 1.3 as we'd otherwise overload epoch 1. Is this worth 
stating?

Cheers,
Hanno
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
