[gnutls-devel] TCP Fast Open
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Jul 22 21:56:48 CEST 2016
On Thu 2016-07-21 18:14:57 +0200, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> Yes, you cannot achieve 0-rtt with TLS 1.2 as it is now. For that TLS
> 1.3 will be required.
0-rtt for TLS 1.3 will only work in a situation where the client has
already completed a prior TLS handshake with the server (it needs
"priming").
Please be aware that pretty much all data sent in a 0-rtt flow on TLS
1.3 will have a range of security properties that differ from
(specifically: are worse than) what's normally expected from traffic in
a TLS flow. For example, replay protection and forward secrecy
of data in a 0-rtt flow are worse than data in a normal TLS session.
> However, since TLS 1.3 is a completely new protocol (even though its
> name suggests a minor improvement, it will share very little code with
> a TLS 1.2 implementation) and is still under revision, I'll wait a
> little more for the protocol draft to settle down before going into
> any implementation planning.
fwiw, i think the draft has settled down a lot. at the IETF hackathon
last week, there were 6 implementations all built against draft-14, and
they had most of the full 6×6 interop grid checked off successfully.
--dkg
More information about the Gnutls-devel
mailing list