+1 I also strongly support adoption. Agreeing on and specifying how early data works as-safely-as-possible between TLS 1.3 and HTTP will be critical before we end up with non-interoperable or vulnerable-when-interoperating implementations. It is attractive enough that it seems likely partial implementations will show up in production before we standardize, especially if there is too much of a time gap between this and TLS 1.3 completing. - Erik On Aug 17, 2017 9:49 AM, "Kazuho Oku" <kazuhooku@gmail.com> wrote: 2017-08-10 0:25 GMT+09:00 Patrick McManus <mcmanus@ducksong.com>: > > https://www.ietf.org/internet-drafts/draft-thomson-http-replay-01.txt > > We've been discussing the risks of algorithms around early data both on the > list and face to face recently in Prague. This draft from Martin, Wily, and > Mark has obviously been the nexus of that conversation and the group > informally signaled support for adding it as a working group item during the > recent meeting. > > Please state whether you support adoption, and ideally why. Expressions of > interest in implementation would also be very helpful. I strongly support adoption. We need to standardize this draft to use Early Data in HTTP.
Received on Thursday, 17 August 2017 14:37:26 UTC