On 4/18/18 2:39 PM, Stephen Farrell wrote:
>
> Hiya,
>
> On 18/04/18 21:13, Peter Saint-Andre wrote:
>> On 4/17/18 3:37 PM, Stephen Farrell wrote:
>>>
>>>
>>> On 17/04/18 16:22, Peter Saint-Andre wrote:
>>>> During ART-ART and IESG review of draft-ietf-tram-stunbis, we realized
>>>> that just pointing to RFC 7525 might not be enough anymore, now that the
>>>> TLS 1.3 spec has been approved for publication. 7525bis, anyone?
>>>
>>> I also think it's a bit early, but no harm to start the
>>> work, as long as it's not rushed. I'd say it'll be a while
>>> before e.g. we see some of the 0rtt car-crashes that it'd
>>> be good to advise against;-)
>>
>> Waiting until DTLS 1.3 is finished seems like a good idea.
>
> Agreed.
>
>> As to car crashes, that's not the job of 7525bis - if there are problems
>> with 0rtt, someone needs to fix TLS, not the guidelines for using it.
>
> Disagree. 0rtt will (IMO, crystal balling:-) be used unsafely
> by some folks. Assuming that we won't end up with consensus to
> remove the feature from TLS1.3, then I do think it'd be right
> to document what we know about (un)safely using 0rtt at the
> time BCP195 is being updated. RFC7525 includes similar text
> e.g. about session resumption (in section 3.4).

Maaaybe. ;-)

> But... we can safely hold off on resolving that potential
> disagreement until the relevant work is under way.

I am looking forward to it already!

Peter
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
