On Tue, Mar 29, 2016 at 6:52 PM, Martin Thomson <martin.thom...@gmail.com> wrote:
> On 30 March 2016 at 12:49, Colm MacCárthaigh <c...@allcosts.net> wrote: > > But isn't that too late? If you have to wait for the client finished > message > > before you can even decrypt the 0RTT section; what's the benefit? it's > not > > "0RTT" any more. > > There is a Finished message in the client's first flight. It's before > the early data. > > https://tlswg.github.io/tls13-spec/#rfc.section.6.2.2 Sorry, I thought that Finished message disappeared due to concerns over not including any server data. That makes more sense of it; though I'll note that it relies on basically a Mac-Then-Encrypt construction. -- Colm
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls