2/ TLS1.3 tacitly supports escrow anyway, because static DH params can be used. Bizarrely: few argue to forbid this (clients could detect).
That avoids attacks where the attacker controls the servers choices by swapping tickets. Also means new alg priorities take.
-
-
2/ makes an even worse mockery of the pro-FS factions, huge *huge* inconsistencies!
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
The key share is considered “extra” on resumption, so there is no check that it matches the previous one.
-
Not saying it’s a great idea (we explicitly disable non-PFS resumption), but it makes your 0-RTT argument seem misdirected.
- 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.