> On Mar 13, 2016, at 7:14 AM, Stephen Farrell <[email protected]>
> wrote:
>
> So, can people suggest ways in which we can figure out the impact
> of replayable data across all the many uses of TLS?
For idempotent (more strongly side-effect free) lookup protocols, 0-RTT makes
good sense. There is no need for replay protection in the absence of
side-effects. Web browsers are not the only use-case for TLS.
Similarly, in SMTP with STARTTLS the client's first data payload is a repeat
of an EHLO command that was already sent in the clear! So one might for example
send the client's EHLO as 0-RTT replayable data. Of course SMTP servers that
support 0-RTT data don't exist yet, but they may once 0-RTT becomes widely
available in SSL/TLS toolkits.
--
Viktor.
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
