On 07/20/2017 03:22 AM, Willy Tarreau wrote: > On Thu, Jul 20, 2017 at 09:59:39AM +0200, Martin Thomson wrote: >> On 20 July 2017 at 06:25, Willy Tarreau <w@1wt.eu> wrote: >>>> * There is no special API to handle 0-rtt data by the TLS terminator, i.e. it is treated as a part of the same 1-rtt stream of data >>> Does such an implementation really exist ? I mean, for openssl, it's clearly >>> different : >> There's a split in the community on this point. NSS merges the >> streams and 0-RTT reads and writes are not different from other reads >> and writes. > OK then I agree it's important to take care of this. One could say that > NSS transparently merging safe and unsafe data could cause trouble over > the long term and should possibly be adapted, but I don't know if that's > still possible. > >> I think that >> we should take the conservative approach here. > I agree on being conservative, which is also why I'm trying to check if > instead we could suggest not to implement it if the underlying layer > doesn't provide the necessary guarantees regarding received data. Do you > have contacts with the people working on NSS to know if that would be > something making sense for them, based on this example ? > The debate in the TLS WG over the question of needing separate APIs for a (potentially) ideologically separate data stream was ... quite heated. So I was hoping to not reopen it here, given that we seem to have ended up at a consensus that it is possible to reason correctly and obtain correct results using either philosophical picture. Perhaps there would only need to be a new API for "did any data on this stream arrive as early data" (in addition to the "is the handshake finished" API already known about). -Ben
Received on Thursday, 20 July 2017 18:13:15 UTC