On 22 December 2015 at 13:25, Christian Huitema <[email protected]> wrote: >> Unless I'm confused (which is possible given the time of night), >> the intention, as you say, is to separate out the 0-RTT handshake >> messages i.e., (cert, cert verify, finished) from the 1-RTT computations. > > OK. That does not simplify implementations using running hashes...
It does if you consider the possibility of having to drop the 0-RTT data. _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
