On Fri, Oct 15, 2021 at 2:51 PM Christian Huitema <[email protected]> wrote:
> * Details on usage of 0-RTT with XFR QUERY, issue https://github.com/huitema/dnsoquic/issues/99 by Martin Thomson. The current text is wrong, because 0-RTT resumption includes carry over of the authentication negotiated in the previous connection. We may want to not consider XFR Queries as replayable, and ask servers to wait until the handshake is complete before processing them.
>
> * Details on the 0-RTT mitigation text, issue https://github.com/huitema/dnsoquic/issues/102 by Martin Thomson. The current text is based on the original analysis done by DKG years ago, which pointed out the risks of replaying 0-RTT packets at attacker chosen times. That attack is largely mitigated by the replay protection in TLS 1.3, which is mandatory to implement. 0-RTT packets can only be replayed within a narrow window, which is only wide enough to account for variations in clock skew and network transmission. Need to update the text and account for that.

This seems like another good reason to move the 0-RTT discussion into the 0-RTT draft. I've opened a copy-and-paste PR here: https://github.com/ghedo/draft-ghedini-dprive-early-data/pull/4

I would appreciate clearer guidance from the chairs on where the 0-RTT text should live.
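One way a DoQ server could apply the policy Christian describes in the quoted text (treat zone transfer queries as not replayable and hold them until the handshake completes) is sketched below. This is an added Python example, not code from either draft or from anyone on the thread; the minimal wire-format parsing and the `decide_early_data` policy function are assumptions made here for illustration, and the queries are constructed in the block.

```python
import struct
from dataclasses import dataclass

# QTYPEs that request a zone transfer (RFC 1035 / RFC 1995). A transfer is
# only authorized on the basis of the peer's authentication, so a server must
# not act on one carried in 0-RTT data before the handshake has completed.
QTYPE_IXFR = 251
QTYPE_AXFR = 252
XFR_QTYPES = {QTYPE_IXFR, QTYPE_AXFR}


@dataclass
class EarlyDataDecision:
    qname: str
    qtype: int
    action: str  # "process" now, or "defer" until the handshake completes


def parse_question(msg: bytes):
    """Parse the header and the single question of a DNS query message."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    qid, flags, qdcount, *_ = struct.unpack("!6H", msg[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    off, labels = 12, []
    while True:
        if off >= len(msg):
            raise ValueError("truncated QNAME")
        n = msg[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:  # compression pointers are not valid in a query's question
            raise ValueError("compression pointer in question")
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    if off + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return ".".join(labels) + ".", qtype, qclass


def decide_early_data(msg: bytes, handshake_complete: bool) -> EarlyDataDecision:
    """Decide whether a query received as 0-RTT data may be processed yet."""
    qname, qtype, _ = parse_question(msg)
    if handshake_complete or qtype not in XFR_QTYPES:
        return EarlyDataDecision(qname, qtype, "process")
    return EarlyDataDecision(qname, qtype, "defer")


def build_query(qname: str, qtype: int, qid: int = 0x1234) -> bytes:
    """Constructed sample query (RD set, one question, class IN)."""
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.strip(".").split(".")) + b"\x00"
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + name + struct.pack("!HH", qtype, 1)
```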
