One of the acknowledged disadvantages of TLS for Gemini is latency. TLS 1.3 has a feature that could mitigate this problem in some circumstances. To quote RFC 8470:

> TLS 1.3 [TLS13] introduces the concept of early data (also known as
> zero round-trip time (0-RTT) data). If the client has spoken to the
> same server recently, early data allows a client to send data to a
> server in the first round trip of a connection, without waiting for
> the TLS handshake to complete.
>
> When used with HTTP [HTTP], early data allows clients to send
> requests immediately, thus avoiding the one or two round-trip delays
> needed for the TLS handshake. This is a significant performance
> enhancement; however, it has significant limitations.
>
> The primary risk of using early data is that an attacker might
> capture and replay the request(s) it contains.

Has anyone implemented a Gemini client and/or server with support for 0-RTT data? Any thoughts on which requests can safely use it? (For example, would it be reasonable to allow early data for all requests that don't use a client certificate?)
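One way a server could answer the "which requests can safely use it" question is with an explicit acceptance policy applied to each request that arrives as early data. The code below is an added illustration, not code from the post above or from any Gemini implementation. It assumes the Gemini request format (a single URL terminated by CRLF, at most 1024 bytes) and treats two things as making a request unsafe to replay: a client certificate on the connection (the case raised in the post) and a query component, on the assumption that in Gemini a query usually carries user input and so may have side effects. Requests that fail the policy are not dropped; the caller is told to defer them until the handshake has completed, at which point they are no longer replayable by someone who only captured the early-data flight.

```python
from urllib.parse import urlsplit

# Gemini request line limit, including the trailing CRLF (assumed from the spec).
MAX_REQUEST_BYTES = 1024

ACCEPT = "process-now"   # safe to act on while still in 0-RTT
DEFER = "defer-until-handshake-complete"
REJECT = "reject"        # malformed; never process


def early_data_allowed(request: bytes, client_cert_present: bool) -> tuple[bool, str]:
    """Return (allowed, reason) for a request received as TLS 1.3 early data.

    Constructed policy: only a well-formed gemini:// fetch with no client
    certificate, no userinfo and no query component is considered replay-safe.
    """
    if len(request) > MAX_REQUEST_BYTES:
        return False, "request exceeds 1024 bytes"
    if not request.endswith(b"\r\n"):
        return False, "request not terminated by CRLF"
    try:
        url = request[:-2].decode("utf-8")
    except UnicodeDecodeError:
        return False, "request is not valid UTF-8"
    parts = urlsplit(url)
    if parts.scheme != "gemini":
        return False, f"scheme {parts.scheme!r} is not gemini"
    if not parts.hostname:
        return False, "missing host"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo is not permitted in a Gemini URL"
    if client_cert_present:
        return False, "client certificate in use: request is tied to an identity"
    if parts.query:
        return False, "query component present: may carry user input, unsafe to replay"
    if parts.fragment:
        return False, "fragment present in request"
    return True, "plain fetch without client certificate"


def early_data_action(request: bytes, client_cert_present: bool) -> str:
    """Map the policy decision to what the server should do with the early data.

    Malformed requests are rejected outright; well-formed but replay-sensitive
    requests are held until the client's Finished arrives (assumed mitigation:
    an attacker replaying a captured 0-RTT flight cannot complete the handshake).
    """
    allowed, reason = early_data_allowed(request, client_cert_present)
    if allowed:
        return ACCEPT
    structural = ("exceeds", "CRLF", "UTF-8", "scheme", "host", "userinfo", "fragment")
    if any(word in reason for word in structural):
        return REJECT
    return DEFER


# Constructed sample requests, as a server might see them in the first flight.
SAMPLES = [
    (b"gemini://example.org/\r\n", False),
    (b"gemini://example.org/search?replay+me\r\n", False),
    (b"gemini://example.org/\r\n", True),
    (b"gemini://example.org/no-crlf", False),
    (b"http://example.org/\r\n", False),
]


def classify_samples() -> list[str]:
    """Run the policy over the constructed samples; handy for a quick self-check."""
    return [early_data_action(req, cert) for req, cert in SAMPLES]


if __name__ == "__main__":
    for (req, cert), action in zip(SAMPLES, classify_samples()):
        print(f"{action:35} cert={cert!s:5} {req!r}")
```

The `DEFER` branch is the important one: a server that cannot classify a request as safe does not have to refuse early data altogether; it can read the early data, hold it, and act only once the handshake completes, which keeps the latency win for plain fetches while giving replay-sensitive requests the same protection they would have had without 0-RTT.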