On Mon, Mar 14, 2016 at 09:15:17AM -0700, Colm MacCárthaigh wrote:
> On Mon, Mar 14, 2016 at 4:32 AM, Eric Rescorla <[email protected]> wrote:
>
> > For 1. Raw data throughput could be improved by envelope encrypting the
> > early data; and transferring the envelope key only once the session has
> > been fully authenticated
> >
Unfortunately, that doesn't work for things like protocol banners or other
things that can be sent in 0-RTT and replied to in 0.5-RTT.

(Also, with regards to my comment about cryptographic screwedness, such
screwedness is not inherent in DH-0RTT, but is a consequence of the current
implementation).

-Ilari

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
