On Tue, Mar 29, 2016 at 4:37 PM, Martin Thomson <martin.thom...@gmail.com> wrote:
> On 30 March 2016 at 06:53, Colm MacCárthaigh <c...@allcosts.net> wrote: > > It's likely I'm misunderstanding, but I'll ask to clear it up. Does this > > proposal imply that a 0RTT section can only be sent within a very tight > time > > limit of when the server provided a resumption ticket/configuration? > > No. If we accept Stephen's suggestion and go to milliseconds (I will > do that), then the maximum age of a ticket is just over 7 weeks. Much > longer than the time we allow a resumption ticket to live. > i did mis-understand so; I read your PR as suggesting that the server should impose a small limit on the elapsed time itself. But now I think what you're saying is this; the server should check that the same amount of time (modulo an RTT) has elapsed on both the client and the server. A few other questions; * How is the elapsed time on the wire authenticated? can't an attacker modify it and replay? * Should the difference really be 1RTT, or 1/2 RTT (well, really "TT" I guess) ? * Clock drift; especially on clients, seems like a real problem here - how tight would realistic tolerances be? - Colm -- Colm
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls