No plans to implement client auth in 0-th RTT.

Cheers,

Andrei

From: Yoav Nir [mailto:ynir.i...@gmail.com]
Sent: Wednesday, January 27, 2016 11:10 AM
To: Andrei Popov <andrei.po...@microsoft.com>
Cc: Bill Cox <waywardg...@google.com>; Martin Thomson <martin.thom...@gmail.com>; tls@ietf.org
Subject: Re: [TLS] 0-RTT, server Application Data, and client Finished

On 27 Jan 2016, at 8:38 PM, Andrei Popov <andrei.po...@microsoft.com> wrote:

> The CertificateVerify message is still listed as an option in the 0-RTT
> client's first flight at t = 0. Is this a mistake? I have not heard that
> anyone wants to do this, as there is no possibility of a traditional
> proof-of-possession in the first flight.

I agree with this: client auth in 0-RTT is replayable, unless the server takes extraordinary steps (QUIC-like strike registers, database of client nonces, etc.) No plans to implement, at least for now.

To clarify: by “no plans to implement”, do you mean no plans to implement 0-RTT, or no plans to implement client authentication with 0-RTT?

Thanks

Yoav
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
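
The thread mentions strike registers and a database of client nonces as the server-side steps needed to stop replay of a 0-RTT first flight. The sketch below is an added example, not code from the thread or from any TLS or QUIC implementation; the names `StrikeRegister`, `check` and `window` are hypothetical, and it assumes each first flight carries a nonce and a client timestamp that an attacker can only replay verbatim.

```python
import time

class StrikeRegister:
    """Remembers client nonces seen inside a bounded time window (hypothetical API)."""

    def __init__(self, window=10.0, clock=time.time):
        self.window = window      # seconds of clock skew / delay tolerated
        self.clock = clock        # injectable so the behaviour can be tested
        self.started = clock()    # the register has no memory before this
        self.seen = {}            # nonce -> client timestamp

    def check(self, nonce: bytes, client_time: float) -> str:
        now = self.clock()
        # Entries older than the window are rejected as stale anyway,
        # so they can be dropped; this bounds the register's memory.
        cutoff = now - self.window
        self.seen = {n: t for n, t in self.seen.items() if t >= cutoff}

        if abs(now - client_time) > self.window:
            return "stale"            # outside the window the register covers
        if client_time < self.started:
            return "before-start"     # may have been accepted before a restart
        if nonce in self.seen:
            return "replay"           # same first flight presented twice
        self.seen[nonce] = client_time
        return "accept"


def demo():
    """Constructed sample: one first flight delivered three times."""
    t = [1000.0]
    reg = StrikeRegister(window=10.0, clock=lambda: t[0])
    flight = (b"constructed-nonce-01", 1004.0)  # (nonce, client timestamp)
    results = []
    for arrival in (1005.0, 1006.0, 1020.0):
        t[0] = arrival
        results.append(reg.check(*flight))
    return results


if __name__ == "__main__":
    print(demo())
```

Anything other than `accept` means the server should not act on the 0-RTT data and should fall back to a full handshake; the register must also be shared by every server that can accept the same client state, which is part of what makes the approach costly.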