HTTP folks, Mark, Willy, and I have put together a draft that describes how HTTP works with early data (or 0-RTT). There's nothing revolutionary here, but we went through all the intermediary scenarios and ensured that we have them covered. The main thing of interest is the technique we recommend for avoiding exposure to replay attack. --Martin ---------- Forwarded message ---------- From: <internet-drafts@ietf.org> Date: 22 June 2017 at 16:50 Subject: New Version Notification for draft-thomson-http-replay-00.txt Name: draft-thomson-http-replay Revision: 00 Title: Using Early Data in HTTP Document date: 2017-06-22 Group: Individual Submission Pages: 9 URL: https://www.ietf.org/internet-drafts/draft-thomson-http-replay-00.txt Status: https://datatracker.ietf.org/doc/draft-thomson-http-replay/ Htmlized: https://tools.ietf.org/html/draft-thomson-http-replay-00 Htmlized: https://datatracker.ietf.org/doc/html/draft-thomson-http-replay-00 Abstract: This document explains the risks of using early data for HTTP and describes techniques for reducing them. In particular, it defines a mechanism that enables clients to communicate with servers about early data, to assure correct operation.Received on Thursday, 22 June 2017 07:27:58 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:57 UTC