tls-visibility is enemy action. Discuss.
In TLS1.3 there is no non-DH resume though, only the 0-RTT data misses FS, but is also the most critical data.
-
-
Read section 2.2: "PSKs can be used with (EC)DHE [..] or can be used alone, at the cost of losing forward secrecy for the application data."
-
Adding FS on the resumption with DH is a SHOULD, not a MUST. BoringSSL and NSS support non-FS resumption, for example.
- 5 more replies
New conversation -
-
-
Point is that the WG consensus is fine with no FS, key sharing, and MITM, when it’s for CDNs :)
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.