[gnutls-devel] GnuTLS | add support for 0-RTT (!775)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Nov 2 16:31:49 CET 2018


Nikos Mavrogiannopoulos started a new discussion on doc/cha-gtls-app.texi:

> + at funcref{gnutls_anti_replay_init}, and then attached to a session using
> + at funcref{gnutls_anti_replay_enable}.  It can be deinitialized with
> + at funcref{gnutls_anti_replay_deinit}.
> +
> +By default, the mechanism stores the ClientHello messages on the process
> +memory.  For a long-running server or distributed servers, you can set
> +back-end functions with @funcref{gnutls_db_set_check_function} and
> + at funcref{gnutls_db_set_store_function} (see @ref{Session resumption}).
> +
> +Although those back-end functions can be the same as the one used for
> +TLS 1.2 session resumption, there are a couple of things to note.
> +Firstly, as the anti-replay mechanism doesn't use values associate with
> +the keys, the store function takes the same data as key and value.
> +Secondly, the back-end needs to periodically clean up the stored entries
> +based on the time window set with
> + at funcref{gnutls_anti_replay_set_window}.
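Review bot: two wording fixes in the second paragraph of this hunk: "doesn't use values associate with the keys" should read "doesn't use values associated with the keys", and "the same as the one used for TLS 1.2 session resumption" should be "the same as the ones used for TLS 1.2 session resumption" (the sentence refers to both back-end functions). The paragraph also says the back-end "needs to periodically clean up the stored entries" but not how an application is expected to do that; a sentence naming the expected procedure (iterating the entries and comparing their stored time against the window) would save implementers from guessing.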

What about adding: "the cleanup can be implemented by iterating through the database entries and calling
`gnutls_db_check_entry_time`. This is similar to session database cleanup used by TLS1.2 sessions."? Is that the suggested process?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/775#note_114129498
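The quoted documentation states the back-end contract (the same opaque blob is passed as key and value, a check function answers whether it has been seen, and entries must be purged once they fall outside the replay window) but does not show what such a back-end looks like. The following is an added example, not GnuTLS code and not part of the merge request: a stand-alone C model of a fixed-size anti-replay table with check, store and window-based cleanup. The key length, the 10-second window and the sample ClientHello digests are constructed for the example; a real GnuTLS back-end would obtain each entry's age through `gnutls_db_check_entry_time` as the discussion above suggests.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/*
 * Stand-alone model of the anti-replay back-end the documentation describes
 * (added example, not GnuTLS code). The library hands the back-end an opaque
 * blob identifying a ClientHello; the check function answers "seen before?",
 * the store function records it, and the application periodically purges
 * entries older than the replay window.
 */

#define MAX_ENTRIES 64
#define KEY_LEN 32            /* constructed: length of the opaque key blob */

typedef struct {
    unsigned char key[KEY_LEN];
    time_t stored_at;         /* when the entry was stored */
    int in_use;
} replay_entry;

typedef struct {
    replay_entry entries[MAX_ENTRIES];
    unsigned window_secs;     /* replay window; older entries are purged */
} replay_db;

void replay_db_init(replay_db *db, unsigned window_secs)
{
    memset(db, 0, sizeof *db);
    db->window_secs = window_secs;
}

/* Check function: 1 if the key is already recorded (a replayed ClientHello), else 0. */
int replay_db_check(const replay_db *db, const unsigned char *key)
{
    for (int i = 0; i < MAX_ENTRIES; i++)
        if (db->entries[i].in_use && memcmp(db->entries[i].key, key, KEY_LEN) == 0)
            return 1;
    return 0;
}

/* Store function: records the key (the value is the same blob, so only the key
 * is kept). Returns 0 on success, -1 if the key already exists or the table is full. */
int replay_db_store(replay_db *db, const unsigned char *key, time_t now)
{
    if (replay_db_check(db, key))
        return -1;
    for (int i = 0; i < MAX_ENTRIES; i++) {
        if (!db->entries[i].in_use) {
            memcpy(db->entries[i].key, key, KEY_LEN);
            db->entries[i].stored_at = now;
            db->entries[i].in_use = 1;
            return 0;
        }
    }
    return -1;
}

/* Periodic cleanup: drop entries whose age exceeds the window. Returns the
 * number of entries removed. Entries outside the window can go because the
 * freshness check on the ticket age rejects such ClientHellos anyway. */
int replay_db_cleanup(replay_db *db, time_t now)
{
    int removed = 0;
    for (int i = 0; i < MAX_ENTRIES; i++) {
        if (db->entries[i].in_use &&
            difftime(now, db->entries[i].stored_at) > (double)db->window_secs) {
            db->entries[i].in_use = 0;
            removed++;
        }
    }
    return removed;
}

/* Walks through a scenario; returns 0 when every step behaves as expected,
 * otherwise the number of the first failing step. */
int replay_demo(void)
{
    replay_db db;
    unsigned char hello_a[KEY_LEN], hello_b[KEY_LEN]; /* constructed ClientHello digests */
    time_t t0 = 1000;                                 /* constructed start time */

    memset(hello_a, 0xA1, KEY_LEN);
    memset(hello_b, 0xB2, KEY_LEN);
    replay_db_init(&db, 10);                                    /* 10-second window */

    if (replay_db_store(&db, hello_a, t0) != 0)      return 1;  /* first sight of A: accepted */
    if (replay_db_check(&db, hello_a) != 1)          return 2;  /* A again inside the window: replay */
    if (replay_db_store(&db, hello_b, t0 + 10) != 0) return 3;  /* B accepted */
    if (replay_db_cleanup(&db, t0 + 11) != 1)        return 4;  /* A aged out (11 s > 10 s), B kept */
    if (replay_db_check(&db, hello_a) != 0)          return 5;  /* A no longer present */
    if (replay_db_check(&db, hello_b) != 1)          return 6;  /* B still inside the window */
    return 0;
}

int main(void)
{
    printf("anti-replay model: %s\n", replay_demo() == 0 ? "ok" : "mismatch");
    return 0;
}
```

The table uses linear search to keep the model short; a production back-end for a long-running or distributed server would put the same check/store/cleanup operations behind a shared key-value store and run the cleanup on a timer tied to the configured window.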

