I wrote: > Also the server can't be actually stateless since > it needs to know the HelloRetryRequest message > for the transcript hash, right?
How can you even implement stateless HRR with a pseudo-session-ticket in the "cookie"? The server needs to know the full HRR message to calculate the transcript hash, but this can't be part of the ticket since the ticket is included within the HRR, thus changing it.... Mike _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls