> Let's get the fallacy out of the way. TLS 1.3 provides protection against > replay > attacks, just not if you decide to use 0-RTT. > > I realize that there is a real risk that this distinction will be lost on > some, but I > can fairly confidently say that it isn't lost on those who are considering > its use > in various protocols.
Well, for example, Chrome/boringSSL should arguably know better but are treating it all as one equivalent stream. Is FF/NSS doing the same thing? Why? _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
