I think this will better account for the round trip delay if the elapsed_time is defined on the client as the time since the request for the session ticket (in other words, the time since the client hello was sent). That way both the server computed time and the client reported time will include 1 round trip.
-----Original Message-----
From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Martin Thomson
Sent: Tuesday, March 29, 2016 6:29 AM
To: tls@ietf.org
Subject: [TLS] Narrowing the replay window

https://github.com/tlswg/tls13-spec/pull/437

In short, have the client report the time since it received the configuration. Then have the server reject early data if the time doesn't match.

I think that this is a relatively easy change to make. Now, your exposure to replay is much less. It's not ironclad, since the server needs to account for a round trip, but I think that we could probably get the window down to single-digit seconds.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
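The freshness check discussed in this thread, as an added simulation that is not part of either message or of the tls13-spec pull request. It follows the reply's variant (the client measures elapsed time from the ClientHello that requested the ticket, the server from ticket issuance, so both spans contain one round trip) and checks the two values against a tolerance window. The round-trip time, the 2-second tolerance, the ticket identifier and the timeline are constructed assumptions; clocks are modelled as a single shared millisecond counter, so the example ignores clock skew between the two hosts. The third scenario shows the residual window the original message calls "not ironclad": a copy of the early-data message re-delivered inside the tolerance is still accepted, one re-delivered later is rejected.

```python
"""Simulated elapsed-time check for TLS 1.3 early data (constructed example)."""
from dataclasses import dataclass, field
from typing import Dict, Tuple

RTT_MS = 80            # assumed round-trip time between client and server
TOLERANCE_MS = 2000    # assumed replay window the server is willing to accept


@dataclass
class Ticket:
    ticket_id: str
    issued_at_ms: int  # server clock when the ticket was sent


@dataclass
class Server:
    tickets: Dict[str, Ticket] = field(default_factory=dict)

    def issue_ticket(self, ticket_id: str, now_ms: int) -> Ticket:
        ticket = Ticket(ticket_id, now_ms)
        self.tickets[ticket_id] = ticket
        return ticket

    def check_early_data(self, msg: dict, now_ms: int,
                         tolerance_ms: int = TOLERANCE_MS) -> Tuple[bool, str]:
        """Accept early data only if the client-reported elapsed time matches
        the server's own measurement (both include one round trip)."""
        ticket = self.tickets.get(msg["ticket"])
        if ticket is None:
            return False, "unknown ticket"
        server_elapsed = now_ms - ticket.issued_at_ms
        skew = abs(server_elapsed - msg["elapsed_ms"])
        if skew > tolerance_ms:
            return False, f"rejected: elapsed-time mismatch of {skew} ms"
        return True, f"accepted: elapsed-time mismatch of {skew} ms"


@dataclass
class Client:
    ticket_id: str
    hello_sent_at_ms: int  # client clock when the ticket-requesting ClientHello went out

    def early_data(self, now_ms: int) -> dict:
        # Elapsed time is measured from the original ClientHello, per the reply above.
        return {"ticket": self.ticket_id, "elapsed_ms": now_ms - self.hello_sent_at_ms}


def simulate() -> Dict[str, Tuple[bool, str]]:
    """Constructed timeline: one fresh resumption and two re-deliveries of
    the same captured early-data message, one inside and one outside the window."""
    half_rtt = RTT_MS // 2
    server = Server()
    hello_sent = 0
    server.issue_ticket("tkt-1", hello_sent + half_rtt)   # ticket leaves server at t=40 ms
    client = Client("tkt-1", hello_sent)

    resume_at = 1_000
    msg = client.early_data(resume_at)                     # elapsed_ms == 1000
    arrival = resume_at + half_rtt                         # server_elapsed == 1000
    return {
        "fresh": server.check_early_data(msg, arrival),
        "replay_within_window": server.check_early_data(msg, arrival + 1_500),
        "replay_outside_window": server.check_early_data(msg, arrival + 5_000),
    }


if __name__ == "__main__":
    for name, (ok, why) in simulate().items():
        print(f"{name:22s} -> {why}")
```

Running the module prints one verdict per scenario; a smaller `TOLERANCE_MS` shrinks the window in which a re-delivered message is still accepted, at the cost of rejecting legitimate resumptions whose round trip or clock jitter exceeds it.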