On Jan 27, 2016 9:45 AM, "Martin Thomson" <[email protected]> wrote:
>
> On 28 January 2016 at 02:09, Watson Ladd <[email protected]> wrote:
> > All 0-RTT data is replayable, but I don't see what replaying a
> > authenticated replayable connection gets you.
>
> If the 0-RTT flight includes actions (especially non-idempotent ones)
> that only apply if the authentication is correct, then you get
> authenticated replayable actions.
>
> e.g., "please pay Watson $10, my certificate authenticates this request"

We already know non-idempotent actions cannot be put into 0 RTT.
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls

Reply via email to