This sounds a bit like 0-RTT is a burning tirefire https://github.com/tlswg/tls13-spec/issues/1001 … should probably dig into it in detail.
Yes but I thought 1.3 was supposed to fix that. I just want a way, as client, to kill all forward secrecy compromise threats.
-
-
Well you can do that by not using 0rtt. The question is how many clients who should disable 0rtt wont
-
This is up to client sw and can be fixed by pressuring them to do the right thing. Unlike server behavior it's testable too.
-
People like speed, and the world benefits from faster systems. Seems like a severe cost to fix it. We can have it all.
End of conversation
New conversation -
-
-
Latency is a very very distant secondary concern.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
"a way, as client, to kill all forward secrecy compromise threats" = don't do 0-RTT, only do PSK-(EC)DHE resumption, done.
-
But will servers still generate & save keys that would break forward secrecy if exposed?
-
No, everything is behind ephemeral Diffie-Hellman.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.