On Thu, May 04, 2017 at 03:12:41PM -0400, Erik Nygren wrote:
> On Wed, May 3, 2017 at 11:13 PM, Eric Rescorla <e...@rtfm.com> wrote:
> >
> > 1. A SHOULD-level requirement for server-side 0-RTT defense, explaining
> > both session-cache and strike register styles and the merits of each.
> >
>
> Many of the discussions I've been in seem to have concluded that we should
> always be assuming that 0-RTT data can and will be replayed, and applications
> and application protocols need to design and use it carefully, accordingly.

The problem is, the amount of replays is so great that even non-idempotency
that is normally of no consequence becomes a major problem. It isn't one or
two or three replays, it could be _millions_ of replays.

Almost nothing is idempotent enough, unless extremely carefully designed, and
very few things are. There are loads of GET endpoints out there that don't
have any wild non-idempotent behaviour, but still aren't idempotent enough.

-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
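The two server-side defenses named in the quoted item (a single-use session cache and a strike register) and the kind of "not idempotent enough" GET the reply worries about, as an added worked example; this is not code from the thread or from any TLS implementation. It assumes the server can derive a stable key from the replayed ClientHello (here a digest of the PSK binder, which a byte-for-byte replay reproduces), uses an injected clock so the anti-replay window is deterministic, and constructs its own sample flight; the `ReportService` quota endpoint and the user name `alice` are hypothetical.

```python
"""Server-side 0-RTT anti-replay: strike register vs. single-use session cache,
run against a GET that looks idempotent but burns a per-user quota per call.
Added example, not code from the mailing-list thread."""
import hashlib
from collections import deque


def early_data_key(psk_binder: bytes) -> bytes:
    # A replayed ClientHello carries the same PSK binder, so its digest is a
    # usable single-use key. Assumption: the binder is what the server hashes.
    return hashlib.sha256(psk_binder).digest()


class StrikeRegister:
    """Accepts each key once per `window_s` seconds. Memory is bounded by the
    window (entries expire), not by the number of tickets outstanding."""

    def __init__(self, window_s: float, clock):
        self.window_s = window_s
        self.clock = clock           # callable returning seconds (injected)
        self.first_seen = {}         # key -> timestamp of first acceptance
        self.order = deque()         # (timestamp, key) in arrival order

    def _expire(self, now: float) -> None:
        while self.order and self.order[0][0] <= now - self.window_s:
            ts, key = self.order.popleft()
            if self.first_seen.get(key) == ts:
                del self.first_seen[key]

    def accept_once(self, key: bytes) -> bool:
        now = self.clock()
        self._expire(now)
        if key in self.first_seen:
            return False             # replay inside the window: reject 0-RTT
        self.first_seen[key] = now
        self.order.append((now, key))
        return True


class SingleUseSessionCache:
    """Session-cache style: per-ticket state, deleted on first use, so a
    replayed ticket finds nothing. No clock needed, but state per ticket."""

    def __init__(self):
        self.live = set()

    def issue(self, ticket_id: bytes) -> None:
        self.live.add(ticket_id)

    def accept_once(self, ticket_id: bytes) -> bool:
        if ticket_id in self.live:
            self.live.discard(ticket_id)
            return True
        return False


class FakeClock:
    def __init__(self, t: float = 0.0):
        self.t = t

    def __call__(self) -> float:
        return self.t

    def advance(self, dt: float) -> None:
        self.t += dt


class ReportService:
    """Hypothetical GET: same response every time, so it reads as idempotent,
    but each call consumes one unit of a per-user quota."""

    def __init__(self, quota: int):
        self.quota = quota
        self.calls = 0

    def get_report(self, user: str) -> str:
        if self.calls >= self.quota:
            return "429 quota exhausted"
        self.calls += 1
        return f"200 report for {user}"


def run_scenario(replays: int, quota: int, defense: str):
    """Deliver one 0-RTT flight `replays` times with defense in
    {"none", "strike", "cache"}. Returns (calls_served, responses)."""
    clock = FakeClock()
    key = early_data_key(b"psk-binder-from-client-hello")   # constructed sample
    if defense == "strike":
        reg = StrikeRegister(window_s=10.0, clock=clock)
    elif defense == "cache":
        reg = SingleUseSessionCache()
        reg.issue(key)               # ticket handed out at the earlier session
    else:
        reg = None
    svc, responses = ReportService(quota), []
    for _ in range(replays):
        if reg is None or reg.accept_once(key):
            responses.append(svc.get_report("alice"))
        else:
            responses.append("425 Too Early")   # RFC 8470 status for rejected early data
        clock.advance(0.001)
    return svc.calls, responses
```

With no defense, a thousand copies of one flight exhaust a 50-call quota after the fiftieth; either register serves the first copy and rejects the rest, and the strike register's window only has to cover the interval during which the server would accept the ticket age at all, which is what keeps its memory bounded.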