On 29 March 2016 at 22:32, Stephen Farrell <[email protected]> wrote:
> In an offlist exchange with Martin, I suggested allowing
> finer granularity than 1s, e.g. 1ms.

I think that this is reasonable. This might allow for tighter tolerance for drift, which means less replay opportunity.

On 30 March 2016 at 04:45, Kyle Nekritz <[email protected]> wrote:
> I think this will better account for the round trip delay if the elapsed_time
> is defined on the client as the time since the request for the session ticket
> (in other words, the time since the client hello was sent).

Unfortunately, there is no client message that solicits the NewSessionTicket. The message can be sent spontaneously by a server at any time.

On 30 March 2016 at 05:49, Ilari Liusvaara <[email protected]> wrote:
> Is this intended to be somehow compatible with off-band configurations?

If an out of band configuration is used, then we would need a rule for establishing the time that elapsed_time starts from and new rules about tolerances. This isn't going to be compatible straight off.

On 30 March 2016 at 06:53, Colm MacCárthaigh <[email protected]> wrote:
> It's likely I'm misunderstanding, but I'll ask to clear it up. Does this
> proposal imply that a 0RTT session can only be sent within a very tight time
> limit of when the server provided a resumption ticket/configuration?

No. If we accept Stephen's suggestion and go to milliseconds (I will do that), then the maximum age of a ticket is just over 7 weeks. Much longer than the time we allow a resumption ticket to live.

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
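The arithmetic behind "just over 7 weeks", plus the server-side freshness check that makes a tighter drift tolerance shrink the replay window, as an added example that is not part of the thread. It assumes the client's elapsed_time is carried as a 32-bit unsigned count of milliseconds (as the final TLS 1.3 specification does); the function names and the tolerance values are constructed for illustration.

```python
# Added example, not from the mailing-list message. Assumes the age field is
# uint32 milliseconds; the tolerance and lifetime values are constructed.

MS_PER_WEEK = 7 * 24 * 60 * 60 * 1000


def max_ticket_age_weeks(bits: int = 32, unit_ms: int = 1) -> float:
    """Largest age an unsigned field of `bits` bits can express, in weeks,
    when each unit of the field is `unit_ms` milliseconds.
    32 bits of 1 ms units gives about 7.1 weeks; 32 bits of 1 s units
    gives well over a century."""
    return ((2 ** bits) - 1) * unit_ms / MS_PER_WEEK


def ticket_fresh(issued_at_ms: int, now_ms: int, client_elapsed_ms: int,
                 ticket_lifetime_ms: int, tolerance_ms: int) -> bool:
    """Server-side 0-RTT freshness check.

    issued_at_ms       server clock when the NewSessionTicket was sent
    now_ms             server clock when the ClientHello arrived
    client_elapsed_ms  age the client reports for the ticket
    ticket_lifetime_ms how long the server lets the ticket live
    tolerance_ms       allowed gap between client and server views
                       (network delay plus clock drift)

    The ticket must be within its lifetime, and the client's reported age
    must agree with the server's own measurement to within the tolerance.
    A replayed ClientHello carries the original client_elapsed_ms, so the
    tolerance bounds how long a captured 0-RTT flight remains acceptable.
    """
    server_elapsed_ms = now_ms - issued_at_ms
    if server_elapsed_ms < 0 or server_elapsed_ms > ticket_lifetime_ms:
        return False
    return abs(client_elapsed_ms - server_elapsed_ms) <= tolerance_ms
```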
