On 24 November 2016 at 13:18, Colm MacCárthaigh <c...@allcosts.net> wrote:
> Can I break this into two parts then? First, do you agree that it would be
> legitimate for a client, or an implementation (library), to deliberately
> replay 0-RTT data? E.g. browsers and TLS libraries MAY implement this as a
> safety mechanism, to enforce and audit the server's and application's
> ability to handle the challenges of replay-ability correctly.
OK, let's be clear: I don't agree that the level of paranoia surrounding 0-RTT is warranted. I'm of the belief that end-to-end replay is a property we should be building into protocols, not just something a transport layer does for you. On the web, that's what happens, and it contributes greatly to overall reliability. The reaction to perceived problems in 0-RTT is disproportionate.

You are asking for a license to replay here at some arbitrary layer of the stack. That's not principled, it's just on the basis that you don't like 0-RTT and want to inoculate other people's software against the ill effects it might create.

What I object to here is the externalizing that this represents. Now if I have the audacity to deploy 0-RTT, I have to tolerate some amount of extra trash traffic from legitimate clients?

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
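The two layers this exchange argues about, shown side by side as an added example that is not code from either poster or from any TLS library: a server-side 0-RTT anti-replay cache (the assumed design follows the single-use and time-window ideas of RFC 8446 section 8) and an application-level idempotency key, with a constructed scenario in which the same early-data request is delivered twice. The class and function names, the 10-second window and the sample bytes are all assumptions made for the illustration.

```python
import hashlib
import time

class ZeroRttReplayGuard:
    """Transport-side anti-replay for 0-RTT (assumed design, RFC 8446 s.8 style): a ClientHello
    is keyed by a hash of its random and PSK binder, keys live for window_s seconds, and a repeat
    or an out-of-window ticket age is refused early data (the handshake then runs as 1-RTT)."""
    def __init__(self, window_s=10.0, clock=time.time):
        self.window_s, self.clock, self.seen = window_s, clock, {}

    def accept_early_data(self, client_random, binder, client_time):
        now = self.clock()
        self.seen = {k: t for k, t in self.seen.items() if now - t <= self.window_s}  # expire old keys
        if abs(now - client_time) > self.window_s:
            return False  # ticket age outside the window: no 0-RTT for this handshake
        key = hashlib.sha256(client_random + binder).digest()
        if key in self.seen:
            return False  # same ClientHello already seen: reject the replayed early data
        self.seen[key] = now
        return True

class IdempotentAccount:
    """Application-side defence: a request's idempotency key makes a repeat return the
    stored result instead of acting twice, whatever the transport did."""
    def __init__(self, balance=100):
        self.balance, self.results = balance, {}

    def withdraw(self, idem_key, amount):
        if idem_key not in self.results:
            self.balance -= amount
            self.results[idem_key] = self.balance
        return self.results[idem_key]

def simulate_duplicate_early_data(transport_guard=True):
    """Constructed scenario: the same 0-RTT withdrawal arrives twice, 0.5 s apart.
    With transport_guard=False no anti-replay cache is consulted (as between independent
    servers), so only the idempotency key protects the balance. Returns (decisions, balance)."""
    clock = [1000.0]
    guard = ZeroRttReplayGuard(window_s=10.0, clock=lambda: clock[0])
    account = IdempotentAccount()
    client_random, binder = b"\x11" * 32, b"\x22" * 32  # constructed sample bytes
    decisions = []
    for _ in range(2):
        accepted = guard.accept_early_data(client_random, binder, clock[0]) if transport_guard else True
        decisions.append(accepted)
        if accepted:
            account.withdraw("req-7f3a", 30)  # constructed idempotency key and amount
        clock[0] += 0.5
    return decisions, account.balance
```

With the transport guard the second copy is refused early data and never reaches the application; without it both copies are delivered, and the balance is still debited once only because the application handles the repeat itself.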