On Thu, May 4, 2017 at 12:12 PM, Erik Nygren <erik+i...@nygren.org> wrote:
> On Wed, May 3, 2017 at 11:13 PM, Eric Rescorla <e...@rtfm.com> wrote: > >> >> 1. A SHOULD-level requirement for server-side 0-RTT defense, explaining >> both session-cache and strike register styles and the merits of each. >> > > I don't believe this is technically viable for the large-scale server > operators most interested in 0-RTT. > I think it is (and work at one of the biggest) ... but if even it weren't, that would just imply that we can't have 0-RTT at all, not that it's ok to ship an insecure version. -- Colm
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls