Sure, those are fine weasel words. But do we really want to allow into this protocol something that can be misused with security implications in a protocol that’s attempting to solve a security problem? I really don’t know. I’m inclined to say, ‘no’ though. For all those same reasons that IPsec provides replay detection, I think TLS should too.
Derrell > On May 4, 2017, at 4:00 PM, Erik Nygren <erik+i...@nygren.org> wrote: > > "The onus is on clients not to send messages in 0-RTT data which are not safe > to have replayed and which they would not be willing to retry across multiple > 1-RTT connections. The onus is on servers to protect themselves against > attacks employing 0-RTT data replication." > > The server responsibility is a general property TLS can maintain while the > client responsibility requires an application profile to define. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls