I'm not sure that the other discussions are productive any more, so I'll fix my errors...
On Thu, Jan 7, 2021, at 15:04, Benjamin Kaduk wrote:
> > This isn't an "Updates: X" moment at all in my view. Extensions to TLS
> > have added new handshake messages (certificate status for instance) without
> > updating what it means to implement the core protocol. It's only an update
> > in my view if the functions defined in the updated document.
>
> (incomplete?)

Sorry, ... if the functions in the update alter the operation of the core protocol in ways that the core protocol does not anticipate or allow. For TLS, extensions can (and have) changed all sorts of stuff.

> > I referred to all of the code that involves 0-RTT.
>
> At what layer? I honestly do not understand which parts you see as "the
> same behavior". The application will have some data to send early, sure,
> but at some point your interface has to know if it's running over TCP+TLS
> or over QUIC, and the only differences I see are below that point. Any
> given TLS handshake is intrinsically destined for QUIC or not-QUIC, so
> you're never in a situation where you would send both extensions at the
> same time.

I was largely referring to the TLS internals that would change if early data was conditioned on a second extension. It's not a big change, but it would definitely be a difficult one to get right. My guess is that 0-RTT accounts for about half of the complexity of TLS 1.3 in our stack. 0-RTT in QUIC is relatively easy once TLS has it (it only took me a few hours to implement, from memory).

> For what little it's worth, the patches to enable building a QUIC stack on
> top of OpenSSL (that have been rejected by upstream at this point in the
> 3.0.0 release cycle and are now maintained by Akamai and used by several
> parties) don't implement support for early data at all, so I don't have any
> direct implementation insight to provide. OTOH, that suggests that people
> might not be using QUIC 0-RTT with the openssl TLS stack at all.
0-RTT is a feature that isn't uniformly supported (I don't think that Google implementations have support yet, though I could be wrong). It's in Firefox and awesome though.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
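The thread above argues about where the 0-RTT logic lives: the TLS 1.3 rules for accepting early data, and the small extra step QUIC layers on top of them. The following is an added illustration, not code from either participant or from any TLS stack. It models a server's 0-RTT acceptance decision as a pure function: the RFC 8446 section 4.2.10 conditions (first PSK identity, a ticket that permitted early data, same cipher suite and ALPN), the RFC 9001 section 8.2 rule that the quic_transport_parameters extension (code point 0x39) is mandatory over QUIC and must not appear otherwise, and the RFC 9001 section 4.6.1 requirement that the server has transport parameters remembered with the ticket before it can accept 0-RTT. The `Ticket` and `ClientHello` classes, the field names, and the sample values are constructed for the example and are not any implementation's data model.

```python
from dataclasses import dataclass
from typing import Optional

# ExtensionType code points from the IANA TLS registry.
EXT_ALPN = 16                          # RFC 7301
EXT_PRE_SHARED_KEY = 41                # RFC 8446
EXT_EARLY_DATA = 42                    # RFC 8446
EXT_QUIC_TRANSPORT_PARAMETERS = 0x39   # RFC 9001


@dataclass
class Ticket:
    """State the server sealed into a NewSessionTicket (constructed model)."""
    cipher_suite: str
    alpn: str
    max_early_data_size: int = 0               # 0: ticket does not permit 0-RTT
    quic_transport_params: Optional[dict] = None  # remembered QUIC params, if any


@dataclass
class ClientHello:
    """Only what the decision needs: offered extensions keyed by code point."""
    extensions: dict


def decide_early_data(hello, tickets, cipher_suite, alpn, over_quic):
    """Return (accepted, reason) for the server's 0-RTT decision.

    hello:        the ClientHello as parsed.
    tickets:      Ticket objects decrypted from the offered PSK identities,
                  in the client's order (empty if none could be decrypted).
    cipher_suite: the suite the server has selected for this handshake.
    alpn:         the protocol the server has selected from the client's list.
    over_quic:    whether the transport underneath this handshake is QUIC.
    """
    # RFC 9001 8.2: the QUIC extension is mandatory over QUIC and must not
    # appear in a non-QUIC TLS connection. A real stack aborts the handshake
    # here; the model reports it as a rejection with a reason.
    has_quic_ext = EXT_QUIC_TRANSPORT_PARAMETERS in hello.extensions
    if has_quic_ext != over_quic:
        return False, "fatal: quic_transport_parameters presence does not match transport"

    if EXT_EARLY_DATA not in hello.extensions:
        return False, "no early_data offered"
    if EXT_PRE_SHARED_KEY not in hello.extensions or not tickets:
        return False, "no usable PSK"

    # RFC 8446 4.2.10: early data may only be accepted with the first identity.
    ticket = tickets[0]
    if ticket.max_early_data_size == 0:
        return False, "ticket did not permit early data"
    if ticket.cipher_suite != cipher_suite:
        return False, "cipher suite differs from ticket"
    if alpn != ticket.alpn or alpn not in hello.extensions.get(EXT_ALPN, []):
        return False, "ALPN differs from ticket"

    # RFC 9001 4.6.1: the QUIC-specific addition is a single check that the
    # server has the transport parameters it must re-apply for 0-RTT.
    if over_quic and ticket.quic_transport_params is None:
        return False, "no remembered transport parameters for 0-RTT"

    return True, "accept early data"


def demo():
    """Run the decision over constructed scenarios; returns {name: accepted}."""
    suite = "TLS_AES_128_GCM_SHA256"
    quic_ticket = Ticket(suite, "h3", 0xFFFFFFFF, {"initial_max_data": 1_000_000})
    tcp_ticket = Ticket(suite, "h2", 16384)
    quic_hello = ClientHello({EXT_PRE_SHARED_KEY: b"id", EXT_EARLY_DATA: b"",
                              EXT_ALPN: ["h3"], EXT_QUIC_TRANSPORT_PARAMETERS: b"tp"})
    tcp_hello = ClientHello({EXT_PRE_SHARED_KEY: b"id", EXT_EARLY_DATA: b"",
                             EXT_ALPN: ["h2", "http/1.1"]})
    return {
        "quic_ok": decide_early_data(quic_hello, [quic_ticket], suite, "h3", True)[0],
        "tcp_ok": decide_early_data(tcp_hello, [tcp_ticket], suite, "h2", False)[0],
        "quic_ext_over_tcp": decide_early_data(quic_hello, [quic_ticket], suite, "h3", False)[0],
        "alpn_changed": decide_early_data(tcp_hello, [tcp_ticket], suite, "http/1.1", False)[0],
        "quic_no_params": decide_early_data(
            quic_hello, [Ticket(suite, "h3", 0xFFFFFFFF)], suite, "h3", True)[0],
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accept' if accepted else 'reject'}")
```

The point the model makes concrete: the transport is a property of the whole handshake (the first check), so the QUIC and non-QUIC paths never coexist in one ClientHello, and everything QUIC adds to the 0-RTT decision sits after the TLS 1.3 checks as one extra condition.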