On Fri, May 19, 2017 at 09:59:57AM -0700, Colm MacCárthaigh wrote:
>
> Some protection is necessary; but it isn't too hard - a single-use session
> cache, or a strike register, do protect against the side-channel and DOS
> problems. Combined with a "fail closed" strategy and tickets that are
> sc
On Fri, May 19, 2017 at 01:10:29PM -0700, Colm MacCárthaigh wrote:
> On Fri, May 19, 2017 at 11:40 AM, Ilari Liusvaara
> wrote:
>
> > > * In order to fully reason about when that message may later get
> > received,
> > > there needs to be an agreed upon time-cap for 0-RTT receipt. Agreed by
> > a
On Fri, May 19, 2017 at 09:43:19PM -0400, Dave Garrett wrote:
> On Friday, May 19, 2017 04:51:21 pm Viktor Dukhovni wrote:
> > Which brings us to some more undesirable layer violation in the current
> > draft. The language in question is appropriate for updates to RFC5280,
> > but does not belong