|
|
|
|
|
|
by niftich
3184 days ago
|
|
|
0-RTT is an awful idea anyway; the equivalent of spray-and-pray. Some folks under HTTPbis are working on an Internet Draft on Early Data's (~0-RTT's) ramifications [1] in HTTP. 0-RTT trades performance at the expense of security properties inside the same tunable protocol, which is the sort of wishy-washy stuff I (and others) were hopeful we'd get away from, the same way PFS ciphersuites went from obscure to preferred overnight, the same way cleartext HTTP has been marginalized, the same way broken ciphersuites were aggressively blacklisted and underused ciphersuites were pruned. [1] https://tools.ietf.org/html/draft-ietf-httpbis-replay-00 |
|
|