On 4 May 2017 at 11:11, Watson Ladd <watsonbl...@gmail.com> wrote:
> Historically TLS protected against replay attacks. Now it doesn't. An
> application that relies on this property which TLS used to guarantee
> is now broken. Clearly we could have provided it, we just chose not
> to.

Let's get the fallacy out of the way.  TLS 1.3 provides protection
against replay attacks, just not if you decide to use 0-RTT.

I realize that there is a real risk that this distinction will be lost
on some, but I can fairly confidently say that it isn't lost on those
who are considering its use in various protocols.  For instance, I've
spoken to someone who is looking at XMPP seriously and the advice
there is pretty close to *don't* use 0-RTT.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
