> On May 23, 2017, at 2:07 PM, Colm MacCárthaigh <c...@allcosts.net> wrote:
>
> That's not good for users, and seems like another very strong reason to make
> it clear in the TLS draft that that it is not secure. FWIW; DNSCurve includes
> nonces to avoid attacks like this: https://dnscurve.org/replays.html (which
> means keeping state).
Actually, nonces in DNScurve protect clients from replayed server responses
(clients
are stateful). I see no explicit guidance to detect or refuse replays of client
queries in DNScurve. While servers could keep a nonce cache, in practice there
are multiple servers and they don't share state (no "strike registers").
The replays discussed in the URL you provide are replays of stale, but still
within signature validity DNSSEC server responses. Not replays of requests.
--
Viktor.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
