This sounds a bit like 0-RTT is a burning tirefire https://github.com/tlswg/tls13-spec/issues/1001 … should probably dig into it in detail.
-
-
Replying to @hanno
For context, the section on Forward Secrecy applies equally to all of TLS 1.2 when deployed with Session Tickets.
2 replies 1 retweet 3 likes -
Replying to @FiloSottile @hanno
And re: replays, I'm unconvinced the sky is falling. There are idempotent requests, the others can wait. Works for us, works for Facebook.
1 reply 0 retweets 1 like -
Replying to @FiloSottile @hanno
Just to pick some examples: how could you protect an origin that throttles requests at an unknown rate from throttle exhaustion?
1 reply 0 retweets 0 likes -
Or an application cache from timing leaks? Also, 0-RTT is hostname-level, will users really check all possible urls for strict idempotency?
1 reply 0 retweets 0 likes -
I found those ideas clever. But post-auth throttling for idempotent req. is not that common IMHO, and traffic analysis prob. > cache timing.
2 replies 0 retweets 0 likes
It's common. But also that's not how good security works. Attackers find the margins of that we leave unprotected, and attacks only improve.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.