On Jan 27, 2016 9:45 AM, "Martin Thomson" <martin.thom...@gmail.com> wrote: > > On 28 January 2016 at 02:09, Watson Ladd <watsonbl...@gmail.com> wrote: > > All 0-RTT data is replayable, but I don't see what replaying a > > authenticated replayable connection gets you. > > If the 0-RTT flight includes actions (especially non-idempotent ones) > that only apply if the authentication is correct, then you get > authenticated replayable actions. > > e.g., "please pay Watson $10, my certificate authenticates this request"
We already know non-idempotent actions cannot be put into 0 RTT.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls