On 1 April 2016 at 03:46, Ilari Liusvaara wrote:
>
>> > I believe Option #2 is simplest.
>>
>> I didn't mention this because I was composing on a phone at the time,
>> but we have to decide whether to allow a second attempt at 0-RTT. If
>> we do, then the effect is a
On Thu, Mar 31, 2016 at 12:18:45PM +1100, Martin Thomson wrote:
> On 31 March 2016 at 09:59, Eric Rescorla wrote:
> >> Option 2 suits best if we consider HelloRetryRequest to be a DoS feature
> >> exclusively or at least primarily. But we have other reasons for it and I
> >> don't
On Thu, Mar 31, 2016 at 09:57:51AM +1100, Martin Thomson wrote:
> On 31 Mar 2016 5:56 AM, "Ilari Liusvaara" wrote:
> > Then on topic of 0-RTT, how does 0-RTT key hashes behave if
> > handshake is restarted (main handshake hash continues, but
> > 0-RTT hash context
On 31 Mar 2016 5:56 AM, "Ilari Liusvaara" wrote:
> Then on topic of 0-RTT, how does 0-RTT key hashes behave if
> handshake is restarted (main handshake hash continues, but
> 0-RTT hash context currently needs to be separate from the
> main context)?
Good question. I