On Tue, Nov 28, 2023, at 19:29, John Mattsson wrote: > I would strongly recommend all DTLS 1.3 libraries to completely remove > the option to disable replay protection.
I believe that the reason this exists is that some higher-layer protocols have their own replay protection, such that as long as the datagram is authentic, it is safe. However, I agree that if we are sending handshake messages that affect DTLS state, it is probably not good to have the DTLS layer fail to provide that protection. I believe that you can operate DTLS 1.3 without post-handshake handshake/control messages, in which case you might manage to avoid exposure. NSS has no means to disable replay protection and I see no reason to add that means. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
