> On May 23, 2017, at 2:07 PM, Colm MacCárthaigh <c...@allcosts.net> wrote: > > That's not good for users, and seems like another very strong reason to make > it clear in the TLS draft that that it is not secure. FWIW; DNSCurve includes > nonces to avoid attacks like this: https://dnscurve.org/replays.html (which > means keeping state).
Actually, nonces in DNScurve protect clients from replayed server responses (clients are stateful). I see no explicit guidance to detect or refuse replays of client queries in DNScurve. While servers could keep a nonce cache, in practice there are multiple servers and they don't share state (no "strike registers"). The replays discussed in the URL you provide are replays of stale, but still within signature validity DNSSEC server responses. Not replays of requests. -- Viktor. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls