On 07/18/2017 08:07 AM, Eric Rescorla wrote:
>
>
> On Wed, Jul 12, 2017 at 3:39 PM, Benjamin Kaduk <bka...@akamai.com
> <mailto:bka...@akamai.com>> wrote:
>
>
>     That is, in this case, the CH+0RTT data can be replayed by an
>     observer once enough time has elapsed that the
>     expected_arrival_time is within the window, similar to one of the
>     reordering attacks mentioned elsewhere.  We could add the CH to
>     the strike register in this case, which would bloat its storage
>     somewhat and have entries that take longer than the window to
>     expire out.
>
>     I don't have a good sense for how often we expect postdated CHs to
>     occur and whether the ensuing breakage would be manageable, but
>     I'm not sure that we've thought very hard as a group about this
>     question.
>
>
> I think post-dated are going to happen pretty often based on what I
> understand from Kyle and others. I wouldn't be comfortable with hard
> fail, especially given that this just seems like the dual of the other
> case. Adding the CH to the list seems like a problem because it might
> stay forever.
>

The "stay forever" part is awkward, yes.  It would be great if Kyle/etc.
could say a bit about why post-dated seems likely on the list, but I
guess for the purposes of WGLC we can consider this comment resolved.

-Ben
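The replay-window issue discussed in this thread, as an added illustration that is not part of the list discussion or the draft: a simplified Python model of the ClientHello recording check, with the strike register, window and expected_arrival_time treated as in the messages above. The ch_id standing in for the ClientHello's binder hash, the numeric times, the record_postdated switch and the two helper functions are constructed for this example.

```python
from dataclasses import dataclass, field

@dataclass
class StrikeRegister:
    """Simplified model of 0-RTT ClientHello recording (constructed example).
    window: seconds around 'now' within which a CH's expected_arrival_time must
    fall for early data to be considered fresh; record_postdated: also record
    CHs beyond the window (the mitigation weighed in the thread)."""
    window: float
    record_postdated: bool = False
    seen: dict = field(default_factory=dict)  # ch_id -> expected_arrival_time

    def _expire(self, now: float) -> None:
        # An entry is dropped only once its expected_arrival_time is too far in
        # the past for a replay to land inside the window, so a recorded
        # postdated CH outlives the window (the "stay forever" concern).
        for ch_id, eat in list(self.seen.items()):
            if eat + self.window < now:
                del self.seen[ch_id]

    def offer(self, ch_id: str, expected_arrival_time: float, now: float) -> str:
        """Return 'accept_0rtt', 'reject_0rtt' (fall back to 1-RTT) or 'replay'."""
        self._expire(now)
        if ch_id in self.seen:
            return "replay"
        in_window = abs(expected_arrival_time - now) <= self.window
        postdated = expected_arrival_time - now > self.window
        if in_window or (postdated and self.record_postdated):
            self.seen[ch_id] = expected_arrival_time
        return "accept_0rtt" if in_window else "reject_0rtt"

def replay_postdated(record_postdated: bool) -> list:
    """Constructed scenario: a CH whose expected_arrival_time is 100 s ahead is
    seen at t=0 and offered again by an observer at t=100, now in window."""
    reg = StrikeRegister(window=10, record_postdated=record_postdated)
    first = reg.offer("ch-binder-1", expected_arrival_time=100, now=0)
    later = reg.offer("ch-binder-1", expected_arrival_time=100, now=100)
    return [first, later]

def recorded_until(expected_arrival_time: float, record_postdated: bool) -> float:
    """Seconds from t=0 for which a CH offered at t=0 occupies the register."""
    reg = StrikeRegister(window=10, record_postdated=record_postdated)
    reg.offer("ch-binder-1", expected_arrival_time, now=0)
    t = 0.0
    while "ch-binder-1" in reg.seen:
        t += 1
        reg._expire(t)
    return t
```

Without recording, the postdated CH is merely downgraded at t=0 and then accepted as fresh 0-RTT at t=100; with recording it is caught as a replay, but the entry occupies the register for 111 s instead of the 11 s an in-window CH costs.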
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls