Ryan Hamilton <r...@google.com> writes:

> On Mon, Mar 14, 2016 at 12:12 PM, Geoffrey Keating <geo...@geoffk.org> wrote:
>
> > So, I don't think HTTP is generally safe against attacker-forced
> > replay, and would suggest great caution in allowing it.
>
> It's worth keeping in mind this recent paper about Replay attacks against
> HTTPS <http://blog.valverde.me/2015/12/07/bad-life-advice/#.VucOsJMrIxN>.
> TL;DR: Attackers can already force a browser to replay requests basically
> at will. As a result, it's not clear that 0-RTT replay makes this
> situation worse.
The blog indicates that it's possible to cause a browser to repeat a request exactly once, within a short timeframe (probably 60 seconds or so) before the browser times out; and the browser must not see the first request succeed. That's quite different from being able to let a client make and complete a request, and then being able to repeat that request thousands of times over a period of hours or longer; even if the client is a browser, it might be hard to convince it to do that.
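As an added illustration (not part of this thread or of any TLS implementation), here is a server-side guard that bounds 0-RTT replay to the "once, within a short window" shape the reply describes: early data is served only for idempotent methods, only while the ticket is younger than the window, and only if the same request has not already been accepted within that window. `EarlyDataReplayGuard`, `deliveries` and the ticket ids / request bytes are hypothetical, constructed for this example.

```python
import hashlib
import time
from collections import OrderedDict

# Methods safe to serve from 0-RTT early data (replaying a read is harmless).
IDEMPOTENT = {b"GET", b"HEAD", b"OPTIONS"}


class EarlyDataReplayGuard:
    """Anti-replay filter for 0-RTT requests (hypothetical helper).

    Two independent bounds keep a replay to at most one delivery:
      * ticket age: early data on a ticket older than `window` is refused,
      * a seen-fingerprint cache covering that same window catches repeats.
    """

    def __init__(self, window=60.0):
        self.window = window
        self._seen = OrderedDict()  # fingerprint -> time first accepted

    def _expire(self, now):
        # Entries older than the window can be dropped: their ticket is stale
        # anyway, so a replay after expiry fails the age check instead.
        while self._seen:
            fp, first = next(iter(self._seen.items()))
            if now - first <= self.window:
                break
            self._seen.popitem(last=False)

    def decide(self, method, ticket_id, ticket_issued_at, early_data, now=None):
        now = time.time() if now is None else now
        if method not in IDEMPOTENT:
            return "too_early"        # ask the client to resend after the handshake
        if now - ticket_issued_at > self.window:
            return "stale_ticket"     # outside the replay window: 1-RTT only
        self._expire(now)
        fp = hashlib.sha256(ticket_id + b"|" + early_data).hexdigest()
        if fp in self._seen:
            return "reject_replay"    # same early data already served once
        self._seen[fp] = now
        return "accept"


def deliveries(guard, copies, ticket_id, issued_at, early_data, spacing=1.0):
    """Count how many of `copies` resubmissions of one early-data request
    (the original plus its replays, `spacing` seconds apart) get served."""
    served = 0
    for i in range(copies):
        when = issued_at + i * spacing
        if guard.decide(b"GET", ticket_id, issued_at, early_data, now=when) == "accept":
            served += 1
    return served
```

Note that the cache only works if every server that can accept the ticket shares it; a fleet with independent caches still serves one copy per node.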