It's still there, in 4.6.1.

"The sole extension currently defined for NewSessionTicket is “early_data”, indicating that the ticket may be used to send 0-RTT data (Section 4.2.9 <https://tlswg.github.io/tls13-spec/#early-data-indication>). It contains the following value:"

-Ekr

On Fri, Jun 2, 2017 at 12:57 AM, Ilari Liusvaara <ilariliusva...@welho.com> wrote:

> On Thu, Jun 01, 2017 at 11:20:56PM -0700, Colm MacCárthaigh wrote:
> >
> > Maybe a lot of this dilemma could be avoided if the PSKs that can be
> > used for regular resumption and for 0-RTT encryption were separate, with
> > the latter being scoped smaller and with use-at-most-once semantics.
>
> The problem here is that the scoping rules can be impossible for the
> client to understand (there is possibly anycast involved!)
>
>
> And also, a more serious problem: I thought that server could send
> tickets that can't be used for 0-RTT. And this was true a few drafts
> back, but now it seems to have gotten lost (at least I can't find
> the appropriate requirements). This is a problem, because it forces
> any server that implements tickets to deal with at least ignoring
> 0-RTT (trial decryptions!). Which is complexity that I would rather not
> have in servers that don't truly implement 0-RTT.
>
>
>
> -Ilari
>
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
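
The sentence quoted from section 4.6.1 can be checked mechanically. The parser below is an added example, not part of the thread or of any TLS library: it reads a NewSessionTicket body and reports whether the "early_data" extension is present, which is what marks a ticket as usable for 0-RTT. It assumes the message layout published in RFC 8446, which may differ from the draft discussed in this thread; the function names and the sample message are constructed for illustration.

```python
import struct

EARLY_DATA = 42  # ExtensionType early_data in RFC 8446

def _vec(buf, off, width):
    """Read a vector with a `width`-byte length prefix; return (body, next_offset)."""
    if off + width > len(buf):
        raise ValueError("truncated length field")
    n = int.from_bytes(buf[off:off + width], "big")
    off += width
    if off + n > len(buf):
        raise ValueError("vector overruns message")
    return buf[off:off + n], off + n

def parse_new_session_ticket(body):
    """Parse a NewSessionTicket body (handshake header already stripped)."""
    if len(body) < 8:
        raise ValueError("truncated NewSessionTicket")
    lifetime, age_add = struct.unpack_from("!II", body, 0)
    nonce, off = _vec(body, 8, 1)      # ticket_nonce<0..255>
    ticket, off = _vec(body, off, 2)   # ticket<1..2^16-1>
    exts, off = _vec(body, off, 2)     # extensions<0..2^16-2>
    if not ticket or off != len(body):
        raise ValueError("empty ticket or trailing bytes")
    max_early = None  # stays None when early_data is absent: no 0-RTT with this ticket
    pos = 0
    while pos < len(exts):
        ext_type = int.from_bytes(exts[pos:pos + 2], "big")
        data, pos = _vec(exts, pos + 2, 2)
        if ext_type == EARLY_DATA:
            if len(data) != 4:
                raise ValueError("early_data must carry a uint32")
            max_early = int.from_bytes(data, "big")  # max_early_data_size
    return {"lifetime": lifetime, "age_add": age_add, "ticket": ticket,
            "allows_0rtt": max_early is not None,
            "max_early_data_size": max_early}

def build_sample(allow_0rtt):
    """Constructed sample message for the example, not captured traffic."""
    ext = struct.pack("!HHI", EARLY_DATA, 4, 16384) if allow_0rtt else b""
    return (struct.pack("!II", 7200, 0x01020304) + b"\x01\x00"
            + struct.pack("!H", 4) + b"tkt0"
            + struct.pack("!H", len(ext)) + ext)

if __name__ == "__main__":
    for flag in (True, False):
        print(parse_new_session_ticket(build_sample(flag)))
```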