On Tue, Dec 18, 2018 at 12:45:22AM -0600, David Benjamin wrote:

> An earlier iteration even placed the retry on the same connection, which
> makes the analog clearer. (Doing it in the same connection is rather a
> mess, so we bounce to a new one.)

Any concern about the possibility that the reason the key did not work was that the particular server had unexpected keys, but reconnecting might land on a different server, with yet another set of keys? (Which is to say that I am concerned, but perhaps you're not?)

Also, connection re-establishment has considerable cost: additional TCP roundtrips on top of the extra TLS roundtrips. Is the HRR idea being explored in the parallel thread not viable?

[ That'd be fine by me, one less thing to worry about, but it did seem worth exploring at first blush... The suggestion of using it as a fallback when there are either no keys in DNS, or they don't work, also seems like it could be viable. ]

--
	Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls