https://github.com/tlswg/tls13-spec/pull/437
In short, have the client report the time since it received the configuration. Then have the server reject early data if the time doesn't match. I think that this is a relatively easy change to make. Now, your exposure to replay is much less. It's not ironclad, since the server needs to account for a round trip, but I think that we could probably get the window down to single-digit seconds.

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
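The freshness check sketched in the post, as an added example that is not part of the original message or of the TLS 1.3 specification: the client reports how long ago it received the configuration, and the server rejects early data unless that age matches its own elapsed time to within a window covering one round trip. All names, the window size and the timestamps are assumptions made for illustration.

```python
from dataclasses import dataclass

# Tolerance for one round trip plus modest timing slop (assumed value, in ms).
REPLAY_WINDOW_MS = 5_000


@dataclass
class ServerConfig:
    """Server-side record of when a configuration was issued to a client."""
    config_id: bytes
    issued_at_ms: int


def client_reported_age(received_at_ms: int, now_ms: int) -> int:
    """Client side: duration since the configuration was received, measured
    on the client's own clock, so clock offset between the peers cancels."""
    return now_ms - received_at_ms


def accept_early_data(cfg: ServerConfig, reported_age_ms: int, now_ms: int,
                      window_ms: int = REPLAY_WINDOW_MS) -> bool:
    """Server side: accept early data only if the client's reported age is
    consistent with the server's own view of time.

    The server's elapsed time exceeds the reported age by exactly the time
    the configuration and the ClientHello spent in flight (one round trip),
    so the difference must be non-negative and no larger than the window.
    A replayed ClientHello carries the original, now stale, reported age,
    and the difference grows with every second of delay until it fails.
    """
    server_elapsed_ms = now_ms - cfg.issued_at_ms
    delta_ms = server_elapsed_ms - reported_age_ms
    return 0 <= delta_ms <= window_ms


def simulate(rtt_ms: int, replay_delay_ms: int) -> tuple[bool, bool]:
    """Constructed scenario: one fresh 0-RTT flight, then the same flight
    replayed replay_delay_ms later. Returns (fresh_accepted, replay_accepted).
    """
    cfg = ServerConfig(config_id=b"cfg-1", issued_at_ms=1_000_000)
    received_at = cfg.issued_at_ms + rtt_ms // 2      # config reaches client
    send_at = received_at + 30_000                     # client resumes 30 s later
    age = client_reported_age(received_at, send_at)    # carried in ClientHello
    arrive_at = send_at + rtt_ms // 2                  # ClientHello reaches server
    fresh = accept_early_data(cfg, age, arrive_at)
    replay = accept_early_data(cfg, age, arrive_at + replay_delay_ms)
    return fresh, replay


if __name__ == "__main__":
    print(simulate(rtt_ms=100, replay_delay_ms=10_000))   # (True, False)
```

A replay delayed by less than the window still passes, which is the residual single-digit-second exposure the post describes; shrinking the window trades that off against false rejections on slow paths.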
