Unbound 1.9.0 released - 0-RTT
nusenu
nusenu-lists at riseup.net
Mon Mar 25 22:12:00 UTC 2019
nusenu via Unbound-users:
>
>
> Wouter Wijngaards via Unbound-users:
>> There is also TLS session resumption support, that can be enabled with
>> the tls-session-ticket-keys option. Together with the already existing
>> TCP fast open, enabled with --enable-tfo-server --enable-tfo-client,
>> that enables zero RTT stream reconnections to the server.
>
> Since session ticket based TLS resumption is obsoleted
> in TLS 1.3 [1] and 0-RTT (on the TLS layer) has been introduced in TLS 1.3.
>
> Does unbound support TLS 1.3 0-RTT aka "early data"? [2]
> (downstream and upstream?)
>
>
> [1] https://tools.ietf.org/html/rfc8446#section-2.2
> [2] https://tools.ietf.org/html/rfc8446#section-2.3
this appears to fit well here:
(an early I-D)
https://datatracker.ietf.org/doc/draft-ghedini-dprive-early-data/
> Using Early Data in DNS over TLS
> draft-ghedini-dprive-early-data-00
>
> Abstract
>
> This document illustrates the risks of using TLS 1.3 early data with
> DNS over TLS, and specifies behaviors that can be adopted by clients
> and servers to reduce those risks.
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20190325/d1478eb5/attachment.bin>
More information about the Unbound-users
mailing list