Re: [TLS] 0-RTT and Anti-Replay

Dave Garrett <> Mon, 23 March 2015 17:59 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id C01611ACF5D for <>; Mon, 23 Mar 2015 10:59:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id r186S_pBu2fi for <>; Mon, 23 Mar 2015 10:59:46 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400d:c04::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C65161AD064 for <>; Mon, 23 Mar 2015 10:59:45 -0700 (PDT)
Received: by qgf74 with SMTP id 74so31085239qgf.2 for <>; Mon, 23 Mar 2015 10:59:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=from:to:subject:date:user-agent:mime-version:content-type :content-transfer-encoding:message-id; bh=KY8d19HzZF0Etw7GtXacaQR8SrXVFYUdx6tyb9S+atg=; b=ccISuQzv4EBW8dZiS8W2bu4knXC3p6xRwRkaeJVrw213NBjGf1cXWwLTGYo1gvFH26 S6T2E84hMVRZlsXDP4FA9/lW2UcdCMyB9nkM+tCByb4fNXnZuPoCYQRRGy1sISfPw16C /u7hpVCuL4blR1rpkCVEIjtC3wqCtUG2lkANF+lVOeKDOnnwDlYrboYoK+vD3Bn+U6ZH dOrNXTp4cQTwDFrMb1l4PJP5t4PXHiB78dV3oWLhsSG1HXKDghY68m+ttvLp6ACdqor1 i+sWLsJ4MG3uljr8e333r9o0d0lrdKSg0leQtSBDzgVnPyTJa2itNPD5cht3wTUp5BZg SgnQ==
X-Received: by with SMTP id c82mr712415qka.45.1427133561097; Mon, 23 Mar 2015 10:59:21 -0700 (PDT)
Received: from dave-laptop.localnet ( []) by with ESMTPSA id j66sm968680qgf.25.2015. (version=TLSv1 cipher=RC4-SHA bits=128/128); Mon, 23 Mar 2015 10:59:20 -0700 (PDT)
From: Dave Garrett <>
To: "" <>, Eric Rescorla <>
Date: Mon, 23 Mar 2015 13:59:19 -0400
User-Agent: KMail/1.13.5 (Linux/2.6.32-71-generic-pae; KDE/4.4.5; i686; ; )
MIME-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id: <>
Archived-At: <>
Subject: Re: [TLS] 0-RTT and Anti-Replay
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 23 Mar 2015 17:59:47 -0000

At this point in the discussion, it might be a good idea to fork the currently proposed Early Data extension. Instead of one general box, have two specialized boxes. The first would be an Early Handshake Data extension and would be explicitly limited to handshake messages. The second would be an Early Idempotent Application Data extension and would be explicitly limited to application data messages that must be safe and idempotent. The purpose of this is to reduce consideration of early data as a generic mechanism without specific considerations needed for proper usage. Servers that wish to refuse the latter could do so more easily.