On Wed, May 3, 2017 at 5:25 PM, Martin Thomson <martin.thom...@gmail.com>
wrote:

> I was responding to an overly broad statement you made.  In the
> discussion you also talk about timing side-channels and other ways in
> which information can leak.  Nothing we do at the TLS layer will
> prevent those from being created in applications.
>

Sure, but things we're doing at the TLS layer can make it much worse, as
in this case. I don't think we can make attacks easier.


> Also, it might pay to remember that this is part of a larger context.
> Applications routinely retry and replay; if they didn't, users would.
>

In the larger context, not all HTTP calls are coming from user actions, or
from clients that retry in that way. Some clients need to be careful,
precisely to achieve idempotency or safety. The review details the reasons
why, and also why it is impractical for actors to separate out these cases
and simply "not use" 0-RTT, due to how layers work and systems
interoperate.

-- 
Colm
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
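The idempotency and safety distinction the reply turns on is the one HTTP itself makes between safe and unsafe methods, and RFC 8470 later standardised an HTTP-layer signal for 0-RTT: a TLS-terminating front end marks requests it received in early data with an `Early-Data: 1` header, and an origin that cannot tell whether a replay is harmless answers 425 Too Early so the client retries once the handshake has completed. The following is an added illustration, not code from this thread or from any IETF implementation; the `early_data_decision` function, its policy and the constructed sample requests are my own.

```python
"""Added example (not from the mailing-list thread): a minimal origin-side
policy for HTTP requests carried in TLS 1.3 0-RTT early data, modelled on
RFC 8470 (the Early-Data request header and the 425 Too Early status).

Assumptions (not stated in the thread): a TLS-terminating front end adds
"Early-Data: 1" to every request it received in early data, and only the
origin knows which requests are harmless to replay.
"""

# Safe methods (RFC 7231 section 4.2.1): a replayed request changes no server
# state, so accepting it from early data costs nothing at the HTTP layer.
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS", "TRACE"})

# Idempotent-but-unsafe methods (PUT, DELETE) repeat the same state change on
# replay; whether that is acceptable is an application decision, so this
# policy treats them like POST and defers them to a full handshake.
REJECT_STATUS = 425  # "Too Early", RFC 8470 section 5.2


def _header(headers, name):
    """Case-insensitive header lookup over a plain dict (constructed input)."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value.strip()
    return None


def early_data_decision(method, headers):
    """Decide how to handle one request.

    Returns ("accept", None) when the request may be processed now, or
    ("reject", 425) when the client must retry after the handshake.
    """
    if _header(headers, "Early-Data") != "1":
        # Not early data: the request arrived after the handshake completed and
        # cannot be replayed at the TLS layer, so no 0-RTT policy applies.
        return ("accept", None)
    if method.upper() in SAFE_METHODS:
        return ("accept", None)
    # Unsafe (or merely idempotent) method in early data: a network replay
    # would re-execute it, so push the client to a 1-RTT retry.
    return ("reject", REJECT_STATUS)


def run_demo():
    """Apply the policy to a few constructed requests; returns the decisions."""
    sample_requests = [  # constructed, not captured traffic
        ("GET", {"Early-Data": "1", "Host": "example.test"}),
        ("POST", {"early-data": "1", "Host": "example.test"}),
        ("PUT", {"Early-Data": "1", "Host": "example.test"}),
        ("POST", {"Host": "example.test"}),  # full handshake, no header
    ]
    return [early_data_decision(m, h) for m, h in sample_requests]


if __name__ == "__main__":
    for decision in run_demo():
        print(decision)
```

The point the policy makes concrete is the layering problem the reply describes: the TLS layer can only tag a request as early data, the HTTP method only partially captures whether a replay is harmful, and the final decision still has to be taken by the application that knows what the request does.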
