On Tue, Mar 29, 2016 at 6:52 PM, Martin Thomson <[email protected]> wrote:
> On 30 March 2016 at 12:49, Colm MacCárthaigh <[email protected]> wrote: > > But isn't that too late? If you have to wait for the client finished > message > > before you can even decrypt the 0RTT section; what's the benefit? it's > not > > "0RTT" any more. > > There is a Finished message in the client's first flight. It's before > the early data. > > https://tlswg.github.io/tls13-spec/#rfc.section.6.2.2 Sorry, I thought that Finished message disappeared due to concerns over not including any server data. That makes more sense of it; though I'll note that it relies on basically a Mac-Then-Encrypt construction. -- Colm
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
