O.k. this is going to be a long tweet thread, but I promise it's worth it :) ... as long as you're into distributed systems, and network encryption, but then WHO ISN'T INTO DISTRIBUTED SYSTEMS AND NETWORK ENCRYPTION? Lame people, that's who ...
A "resumed" session is the same, but there's no RSA. Instead the server/client stashed away a resumption key. The client shows up and says "I HAVE THIS, CAN I USE IT?" and if the server agrees, it uses that key to authenticate itself. No RSA means it's faster, but we keep DH.
We keep DH because that means we keep Forward Secrecy. O.k., now 0-RTT, same as resumption, but the client/server also stashed away an early data key. The client shows up and just sends data encrypted with that key. No DH for that part of the conversation ...
... but then once the DH is done, we transition to the DH-derived key, so we get forward secrecy again. In practice it means that the first few KB of a 0-RTT session might be replay-able and might not have forward secrecy. This is the .... KEY POINT. *groan*.
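
Added example, not part of the original thread: a small Python model of the thread's simplified picture, showing that early data keyed only from the stashed secret verifies again when replayed, while keys taken after DH differ on every connection. The one-step `kdf`, the toy DH group, the HMAC-tagged record, the sample payload and the `single_use` tracking on the server are all assumptions made for illustration; this is not the real TLS 1.3 key schedule.

```python
import hashlib, hmac, secrets

P, G = 2**255 - 19, 2  # toy DH group for illustration only, not for real use

def kdf(secret: bytes, label: bytes) -> bytes:
    # One HMAC-SHA256 step standing in for the real TLS 1.3 key schedule.
    return hmac.new(secret, label, hashlib.sha256).digest()

def dh_shared() -> bytes:
    # Fresh ephemeral DH; client and server each compute the same shared value.
    a, b = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    client_side = pow(pow(G, b, P), a, P)
    server_side = pow(pow(G, a, P), b, P)
    assert client_side == server_side
    return client_side.to_bytes(32, "big")

def seal(key: bytes, data: bytes) -> tuple:
    # HMAC tag instead of an AEAD, to stay within the standard library.
    return data, hmac.new(key, data, hashlib.sha256).digest()

class Server:
    def __init__(self, stashed_key: bytes, single_use: bool):
        self.early_key = kdf(stashed_key, b"early data")
        self.single_use, self.seen = single_use, set()

    def accept_early(self, record: tuple) -> bool:
        data, tag = record
        if not hmac.compare_digest(tag, seal(self.early_key, data)[1]):
            return False  # not produced with the stashed early data key
        if self.single_use and tag in self.seen:
            return False  # same early data presented a second time
        self.seen.add(tag)
        return True

def demo() -> dict:
    stashed = secrets.token_bytes(32)  # constructed key stashed by an earlier session
    record = seal(kdf(stashed, b"early data"), b"POST /transfer amount=10")  # constructed
    naive, guarded = Server(stashed, False), Server(stashed, True)
    # Once DH is done, each connection mixes a fresh shared secret into its key.
    conn1 = kdf(kdf(stashed, dh_shared()), b"traffic")
    conn2 = kdf(kdf(stashed, dh_shared()), b"traffic")
    return {
        "naive_accepts": [naive.accept_early(record), naive.accept_early(record)],
        "guarded_accepts": [guarded.accept_early(record), guarded.accept_early(record)],
        "early_key_from_stash_alone": kdf(stashed, b"early data") == naive.early_key,
        "traffic_keys_differ": conn1 != conn2,
    }

if __name__ == "__main__":
    print(demo())
```

The early key depends on nothing but the stashed secret, which is why that part of the conversation lacks forward secrecy in this model.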