
"A lot of my writing is based on my reading of relevant RFCs, which are not always the easiest going for a non-expert, but can usually be considered authoritative. I spent enough time with the TLS RFCs to pick up the fact that there is a tradeoff between using "0-RTT" data (data sent along with the first TLS handshake message before the handshake completes) and"
"The reason that 0-RTT data may not have forward secrecy is rather subtle, but what it comes down to is that the encryption key used for 0-RTT data is derived from a secret that may be long-lived (up to several days). This contrasts with the session key that is derived in a full TLS handshake using ephemeral Diffie-Hellman; that key is unique to the session, depends on no"
0-RTT data is sent with the first TLS handshake message, before the handshake completes, and may give up forward secrecy in exchange. The encryption key used for 0-RTT data is derived from a secret that may be long-lived, potentially lasting up to several days. A full TLS handshake using ephemeral Diffie-Hellman, by contrast, derives a session key that is unique to that session and does not depend on long-lived secrets. The tradeoff between early-data convenience and forward secrecy is subtle, and revised TLS specifications aim to clarify this behavior.
Read at Theregister
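
The difference in key derivation described above can be seen in the TLS 1.3 key schedule (RFC 8446, section 7.1). The following is an added example, not code from the article: it assumes a SHA-256 cipher suite, uses constructed byte strings in place of real handshake messages, and uses random bytes as a stand-in for the (EC)DHE shared secret.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256
HLEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out, counter = out + block, counter + 1
    return out[:length]


def derive_secret(secret: bytes, label: bytes, messages: bytes) -> bytes:
    # RFC 8446 Derive-Secret: HKDF-Expand-Label over Transcript-Hash(messages)
    full, ctx = b"tls13 " + label, HASH(messages).digest()
    info = HLEN.to_bytes(2, "big") + bytes([len(full)]) + full + bytes([len(ctx)]) + ctx
    return hkdf_expand(secret, info, HLEN)


def early_traffic_secret(psk: bytes, client_hello: bytes) -> bytes:
    # Protects 0-RTT data: inputs are the resumption PSK and the ClientHello only.
    early = hkdf_extract(b"\x00" * HLEN, psk)
    return derive_secret(early, b"c e traffic", client_hello)


def handshake_traffic_secret(psk, dhe, client_hello, server_hello) -> bytes:
    # Full handshake: the per-connection (EC)DHE output is mixed in.
    early = hkdf_extract(b"\x00" * HLEN, psk)
    hs = hkdf_extract(derive_secret(early, b"derived", b""), dhe)
    return derive_secret(hs, b"c hs traffic", client_hello + server_hello)


if __name__ == "__main__":
    psk = os.urandom(32)  # constructed: stands in for a resumption PSK
    ch, sh = b"constructed ClientHello", b"constructed ServerHello"
    # Same PSK + recorded ClientHello -> same 0-RTT secret, whenever it is computed.
    print(early_traffic_secret(psk, ch) == early_traffic_secret(psk, ch))
    # Same PSK, two connections with fresh DHE outputs -> unrelated secrets.
    a = handshake_traffic_secret(psk, os.urandom(32), ch, sh)
    b = handshake_traffic_secret(psk, os.urandom(32), ch, sh)
    print(a != b)
```

Because `early_traffic_secret` takes no ephemeral input, its output stays recomputable from a recorded ClientHello for as long as the PSK (or the ticket key protecting it) exists, which is why servers keep ticket lifetimes short and rotate ticket keys.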