Re: Working Group Last Call for Using Early Data in HTTP

Hi Victor,

Your question actually suggests an answer:

On Wed, Dec 6, 2017 at 1:58 AM, Victor Vasiliev <vasilvv@google.com> wrote:
> Do you have a good use case in mind for processing 0-RTT in manner other
> than "identical to 1-RTT, buffer or 425"?

Not that I have a use case, but that we would be presumptuous to
assume that there is something else.  I would hate to see Vary:
Early-Data, but it's possible, especially given the alignment of
incentives.

Imagine a web page that includes some potentially-replay-vulnerable
bits inlined.  A 0-RTT response might include a subset of what might
be contained in a 1-RTT response, with dangerous parts elided and
later filled in.

Received on Thursday, 7 December 2017 05:28:08 UTC