On Mon, Aug 06, 2018 at 07:01:42PM +0100, Joseph Birr-Pixton wrote: > Hello, > > > Application protocols MUST NOT use 0-RTT data without a profile that > > defines its use. > > That profile needs to identify which messages or interactions are safe to > > use with 0-RTT > > and how to handle the situation when the server rejects 0-RTT and falls > > back to 1-RTT. > > 0-RTT has now at least two large deployments on the public internet > that I know of. Are there any such "profiles" published or being > worked on?
The HTTP profile is in RFC-Editor queue (draft-ietf-httpbis-replay). -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls