On Thu, May 04, 2017 at 11:11:29PM -0500, Benjamin Kaduk wrote: > 5/04/2017 10:36 PM, Nico Williams wrote: > > On Thu, May 04, 2017 at 05:18:32PM -0700, Watson Ladd wrote: > >> > >> Which server? It's possible that the backhauls from the server the > >> TLS connection is made to to the server actually responding to the > >> request do not distinguish 0-RTT from other data. Opportunity for > >> administrative bloopers is immense: even if the responding server > >> rejects 0-RTT, the server proxying requests won't necessarily know > >> that inline as it is reusing the connection. > > The one that terminates TLS. If that's a reverse proxy, then it has to > > know or not allow 0-rtt. That means that by default reverse proxies > > can't accept 0-rtt, and they have to know a lot about the application in > > order to accept it (or else let the server know that 0-rtt was used and > > let the server give the client an appropriate error if that's not > > acceptable). > > I'm very skeptical that this position would survive into real-world > deployments.
Which part? _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
