> On 27 Jan 2016, at 8:38 PM, Andrei Popov <andrei.po...@microsoft.com> wrote: > > Ø The CertificateVerify message is still listed as an option in the 0-RTT > client's first flight at t = 0. Is this a mistake? I have not heard that > anyone wants to do this, as there is no possibility of a traditional > proof-of-possession in the first flight. > I agree with this: client auth in 0-RTT is replayable, unless the server > takes extraordinary steps (QUIC-like strike registers, database of client > nonces, etc.) No plans to implement, at least for now.
To clarify: by “no plans to implement”, do you mean no plans to implement 0-RTT, or no plans to implement client authentication with 0-RTT? Thanks Yoav
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
