Re: [quicwg/base-drafts] Describe interaction between QUIC and TLS regarding saved 0-RTT state (#2947)

[Martin Thomson <notifications@github.com>]

martinthomson approved this pull request.

Assuming you take my suggestions, this is good.

>  primary functions:
 
 - Sending and receiving handshake messages
+- Processing stored transport and application state from a 0-RTT capable session
+  ticket and determining if it is valid to accept early data on the connection

```suggestion
  and determining if it is valid to accept early data
```

>  primary functions:
 
 - Sending and receiving handshake messages
+- Processing stored transport and application state from a 0-RTT capable session

s/0-RTT capable session ticket/resumed session/

```suggestion
- Processing stored transport and application state from a resumed session
```

As before with the mention of tickets; and early data is already covered.

> @@ -644,6 +647,27 @@ A client MAY attempt to send 0-RTT again if it receives a Retry or Version
 Negotiation packet.  These packets do not signify rejection of 0-RTT.
 
 
+## Validating 0-RTT configuration

```suggestion
## Validating 0-RTT Configuration
```

> +When a server receives a ClientHello with the "early_data" extension, it has to
+decide whether to accept or reject early data from the client. Some of this
+decision is made by the TLS stack (e.g., checking that the cipher suite being
+resumed was included in the ClientHello; see Section 4.2.10 of {{!TLS13}}). Even
+when the TLS stack has no reason to reject early data, the QUIC stack or the
+application protocol using QUIC might reject early data because the
+configuration of the transport or application associated with the resumed
+session is not compatible with the server's current configuration.
+
+QUIC requires additional transport state to be associated with a 0-RTT session
+ticket. If stateless session tickets are used, this information must be stored
+in the session ticket. Application protocols that use QUIC might have similar
+requirements regarding associating or storing state. This associated state is
+used for deciding whether early data must be rejected. For example, HTTP/3
+({{QUIC-HTTP}}) settings determine how early data from the client is
+interpreted. Other applications using QUIC could have different requiremenets

```suggestion
interpreted. Other applications using QUIC could have different requirements
```

> +decide whether to accept or reject early data from the client. Some of this
+decision is made by the TLS stack (e.g., checking that the cipher suite being
+resumed was included in the ClientHello; see Section 4.2.10 of {{!TLS13}}). Even
+when the TLS stack has no reason to reject early data, the QUIC stack or the
+application protocol using QUIC might reject early data because the
+configuration of the transport or application associated with the resumed
+session is not compatible with the server's current configuration.
+
+QUIC requires additional transport state to be associated with a 0-RTT session
+ticket. If stateless session tickets are used, this information must be stored
+in the session ticket. Application protocols that use QUIC might have similar
+requirements regarding associating or storing state. This associated state is
+used for deciding whether early data must be rejected. For example, HTTP/3
+({{QUIC-HTTP}}) settings determine how early data from the client is
+interpreted. Other applications using QUIC could have different requiremenets
+for determining whether ot accept or reject early data.

```suggestion
for determining whether to accept or reject early data.
```

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2947#pullrequestreview-278745896