Re: [TLS] 0-RTT profiles
On Mon, Aug 06, 2018 at 07:01:42PM +0100, Joseph Birr-Pixton wrote: > Hello, > > > Application protocols MUST NOT use 0-RTT data without a profile that > > defines its use. > > That profile needs to identify which messages or interactions are safe to > > use with 0-RTT > > and how to handle the situation when the server rejects 0-RTT and falls > > back to 1-RTT. > > 0-RTT has now at least two large deployments on the public internet > that I know of. Are there any such "profiles" published or being > worked on? draft-ietf-httpbis-replay is in the RFC Editor's queue. -Ben ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
Re: [TLS] 0-RTT profiles
On Mon, Aug 06, 2018 at 07:01:42PM +0100, Joseph Birr-Pixton wrote: > Hello, > > > Application protocols MUST NOT use 0-RTT data without a profile that > > defines its use. > > That profile needs to identify which messages or interactions are safe to > > use with 0-RTT > > and how to handle the situation when the server rejects 0-RTT and falls > > back to 1-RTT. > > 0-RTT has now at least two large deployments on the public internet > that I know of. Are there any such "profiles" published or being > worked on? The HTTP profile is in RFC-Editor queue (draft-ietf-httpbis-replay). -Ilari ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
[TLS] 0-RTT profiles
Hello, > Application protocols MUST NOT use 0-RTT data without a profile that defines > its use. > That profile needs to identify which messages or interactions are safe to use > with 0-RTT > and how to handle the situation when the server rejects 0-RTT and falls back > to 1-RTT. 0-RTT has now at least two large deployments on the public internet that I know of. Are there any such "profiles" published or being worked on? Thanks for any pointers. Cheers, Joe ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
