This sounds a bit like 0-RTT is a burning tirefire https://github.com/tlswg/tls13-spec/issues/1001 … should probably dig into it in detail.
Or an application cache from timing leaks? Also, 0-RTT is hostname-level, will users really check all possible urls for strict idempotency?
-
I found those ideas clever. But post-auth throttling for idempotent req. is not that common IMHO, and traffic analysis prob. > cache timing.
-
Re: checking all URLs, non-idempotent URLs for query-less GETs sound insane/very rare to me. Willing to be proven wrong, but haven't yet.