On Tue, Mar 29, 2016 at 3:29 AM, Martin Thomson <martin.thom...@gmail.com> wrote:
> https://github.com/tlswg/tls13-spec/pull/437
>
> In short, have the client report the time since it received the
> configuration. Then have the server reject early data if the time
> doesn't match.
>
> I think that this is a relatively easy change to make. Now, your
> exposure to replay is much less.
>
> It's not ironclad, since the server needs to account for a round trip,
> but I think that we could probably get the window down to
> single-digit seconds.

It's likely I'm misunderstanding, but I'll ask to clear it up. Does this proposal imply that a 0RTT session can only be sent within a very tight time limit of when the server provided a resumption ticket/configuration?

If so, is that really useful? Over that kind of time length, wouldn't it be especially beneficial to simply keep the original connection open for a bit longer? I thought that an intent of 0RTT is that it can save time even when you're connecting to a server maybe hours (days?) after you originally did.

Separately, is there a mechanism to prevent an attacker from changing the elapsed time value?

-- 
Colm
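The freshness check Martin describes, worked through as an added example that is not part of the thread or of the tls13-spec pull request. The server remembers when it issued each ticket, the client reports how long ago it received that ticket, and the server accepts early data only if the two ages agree to within a tolerance that covers one network round trip. The tolerance value, the ticket bookkeeping, and the HMAC that binds the reported age to the early-data payload (one possible answer to Colm's second question, assumed here rather than taken from the draft) are all assumptions of this example; the timings are constructed.

```python
import hashlib
import hmac
import struct

# Assumed tolerance: one round trip plus modest clock drift. The
# client's clock starts when the ticket arrives, the server's when the
# ticket was sent, so the two ages legitimately differ by a round trip.
ROUND_TRIP_ALLOWANCE_MS = 2_000


def mac_early_data(secret: bytes, ticket_id: bytes, age_ms: int, payload: bytes) -> bytes:
    """Assumed design: key the reported age and payload under the resumption
    secret so an attacker who replays cannot simply rewrite the age field."""
    return hmac.new(secret, ticket_id + struct.pack(">I", age_ms) + payload, hashlib.sha256).digest()


class Server:
    def __init__(self, allowance_ms: int = ROUND_TRIP_ALLOWANCE_MS):
        self.allowance_ms = allowance_ms
        self.tickets = {}  # ticket_id -> (resumption secret, issue time in ms)

    def issue_ticket(self, now_ms: int, ticket_id: bytes, secret: bytes) -> None:
        self.tickets[ticket_id] = (secret, now_ms)

    def accept_early_data(self, now_ms, ticket_id, reported_age_ms, payload, tag):
        record = self.tickets.get(ticket_id)
        if record is None:
            return False, "unknown ticket"
        secret, issued_ms = record
        expected_tag = mac_early_data(secret, ticket_id, reported_age_ms, payload)
        if not hmac.compare_digest(expected_tag, tag):
            return False, "age or payload does not verify"
        actual_age_ms = now_ms - issued_ms
        if abs(actual_age_ms - reported_age_ms) > self.allowance_ms:
            return False, f"stale: client says {reported_age_ms} ms, server sees {actual_age_ms} ms"
        return True, "accepted"


class Client:
    def __init__(self, ticket_id: bytes, secret: bytes, received_at_ms: int):
        self.ticket_id, self.secret, self.received_at_ms = ticket_id, secret, received_at_ms

    def early_data(self, now_ms: int, payload: bytes):
        age_ms = now_ms - self.received_at_ms  # time since the ticket was received
        return self.ticket_id, age_ms, payload, mac_early_data(self.secret, self.ticket_id, age_ms, payload)


def scenario():
    """Constructed timeline: ticket issued at t=0, received 50 ms later."""
    secret, ticket_id = b"constructed-resumption-secret", b"ticket-1"
    server = Server()
    server.issue_ticket(now_ms=0, ticket_id=ticket_id, secret=secret)
    client = Client(ticket_id, secret, received_at_ms=50)

    msg = client.early_data(now_ms=5_000, payload=b"GET /account HTTP/1.1")
    tid, age, payload, tag = msg
    return {
        # Genuine send: arrives at t=5050, ages differ by one round trip (100 ms).
        "fresh": server.accept_early_data(5_050, *msg)[0],
        # Replay 450 ms later still fits inside the allowance: the window is
        # narrowed, not closed, which is the "not ironclad" caveat.
        "replay_in_window": server.accept_early_data(5_500, *msg)[0],
        # Replay 15 s later: reported age no longer matches, rejected.
        "replay_late": server.accept_early_data(20_000, *msg)[0],
        # Attacker rewrites the age to look fresh; the MAC no longer verifies.
        "replay_forged_age": server.accept_early_data(20_000, tid, 19_950, payload, tag)[0],
    }


if __name__ == "__main__":
    for name, accepted in scenario().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Shrinking `ROUND_TRIP_ALLOWANCE_MS` tightens the replay window but starts rejecting honest clients on slow or jittery paths, so the allowance has to be chosen per deployment; note also that nothing here needs the ticket to be young, only that the client's elapsed-time report match the server's own record, so a ticket can still be used hours later.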
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls