It's possible I'm reading the draft wrong, so this thread may be a very
short one.

(t here is in units of RTT, so t=0 is when the client sends ClientHello and
t=0.5 is when the server receives ClientHello and sends ServerHello, t=1 is
when the client receives ServerHello, etc.)

Looking at the Zero-RTT exchange here:
https://tlswg.github.io/tls13-spec/#rfc.section.6.2.2

Is the intention that the client, even in the successful 0-RTT case, send
two Finished messages (one at t=0 and one at t=1) and that the server not
send application data until receiving the second of these at t=1.5? If so,
does this not defeat the purpose of 0-RTT? Although the client now eagerly
sends at t=0, it will not see the response until t=2, which is no better
than the resumption case (in TLS 1.2 or 1.3) where the client doesn't send
until t=1.

David
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Reply via email to