If a client has sent early_data and later encounters an error before it has sent the end of early data message, should the alert be sent in plaintext, or encrypted using the client_early_traffic secret? The error could occur before or after the client knows whether the server has accepted its early_data.
Thanks Matt _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls