On Tue, Mar 29, 2016 at 09:29:10PM +1100, Martin Thomson wrote:
> https://github.com/tlswg/tls13-spec/pull/437
>
> In short, have the client report the time since it received the
> configuration. Then have the server reject early data if the time
> doesn't match.
>
> I think that this is a relatively easy change to make. Now, your
> exposure to replay is much less.
>
> It's not ironclad, since the server needs to account for a round trip,
> but I think that we could probably get the window down to
> single-digit seconds.

Is this intended to be somehow compatible with off-band configurations?
I recall off-band configurations were stated as reason for having
absolute instead of relative time in configurations.

-Ilari
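
The server-side check described in the quoted proposal, sketched as an added example that is not part of the original message or of the pull request. The class name, the per-configuration issue table, and the 5 s window and 1 s drift values are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class EarlyDataGate:
    """Hypothetical server-side gate for early data (illustration only)."""
    window_ms: int = 5000   # assumed allowance for the round trip
    drift_ms: int = 1000    # assumed tolerance for a fast client clock
    issued: dict = field(default_factory=dict)  # config_id -> issue time (ms)

    def issue(self, config_id: str, now_ms: int) -> None:
        # Remember when this configuration was handed to the client.
        self.issued[config_id] = now_ms

    def check(self, config_id: str, client_elapsed_ms: int, now_ms: int) -> str:
        issued_at = self.issued.get(config_id)
        if issued_at is None:
            # In this sketch, a configuration the server never issued itself
            # has no reference point, so the reported time cannot be checked.
            return "reject: no issuance record"
        # Server's own view of how long the client has held the configuration.
        server_elapsed = now_ms - issued_at
        # For a live handshake the difference is roughly one round trip.
        # A captured flight replayed later carries the old client value,
        # so the difference grows by the replay delay.
        skew = server_elapsed - client_elapsed_ms
        if skew > self.window_ms:
            return "reject: stale"
        if skew < -self.drift_ms:
            return "reject: client reports more time than has passed"
        return "accept"


def demo() -> list:
    # Constructed timeline, all values in milliseconds on the server clock.
    gate = EarlyDataGate()
    gate.issue("cfg1", now_ms=0)
    return [
        gate.check("cfg1", client_elapsed_ms=60_000, now_ms=60_100),  # live
        gate.check("cfg1", client_elapsed_ms=60_000, now_ms=90_100),  # replay
        gate.check("oob", client_elapsed_ms=60_000, now_ms=60_100),   # unknown
        gate.check("cfg1", client_elapsed_ms=70_000, now_ms=60_100),  # inflated
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

A rejection here only means early data is refused; how the handshake continues afterwards is outside this sketch.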