This sounds a bit like 0-RTT is a burning tirefire https://github.com/tlswg/tls13-spec/issues/1001 … should probably dig into it in detail.
Browser retries not that interesting, could lock out one user. With 0-RTT replays, could lock out all users. New kind of DoS attack.
-
But think higher-level: better to be humble and assume risk is greater than we can conceive than to look for excuses to keep something iffy
-
I agree with the sentiment, but I think it applies to default config. An opt-in option for replay-able state-less reduced latency is ok IMHO