On 05/20/2017 04:33 AM, Ilari Liusvaara wrote:
>
> I meant what prevents the (say 10 second) windows from stacking up into
> (say 20 second windows) if 0-RTT is used on multiple hops (client-middlebox
> and middlebox-server)?
>
> One can not assume that the client has knowledge of any middlebox on
> the path (e.g. CDNs in HTTP are in general invisible to the client).
>
I think the attacker has to delay sending the client's 0-RTT to the middlebox for the 10-second window if it wants to get the 20-second delay overall (assuming the middlebox does at-most-once properly), at which point the client would have a sense that something fishy might be going on.

Though, that still doesn't give the client a hard bound on the delay, I suppose.

-Ben
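The window-stacking question above and the at-most-once assumption in the reply, as an added toy model (editor's example, not code from the thread, the TLS WG, or any implementation). It assumes two things the thread leaves implicit: each hop enforces a freshness window of WINDOW seconds on early data plus single-use of a ticket, and a TLS-terminating middlebox (e.g. a CDN) re-sends the payload to the origin as fresh 0-RTT under its own ticket, stamped with the time it forwards. The hop names, ticket ids and payload are constructed.

```python
"""Toy model of 0-RTT freshness windows stacking across a TLS-terminating hop.

Constructed example for illustration only. Assumptions (not from the thread):
- a receiver rejects early data older than WINDOW seconds (freshness check,
  standing in for the obfuscated_ticket_age comparison) and refuses a second
  use of the same ticket (at-most-once);
- a terminating middlebox re-emits the payload upstream as new 0-RTT under its
  own ticket, timestamped with the moment it forwards, so the origin's window
  starts from that moment, not from the client's send time.
"""
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

WINDOW = 10.0  # seconds; per-hop tolerance, the "say 10 second" figure in the thread


@dataclass(frozen=True)
class EarlyData:
    ticket_id: str   # ticket / PSK identity the 0-RTT data is bound to
    sent_at: float   # sender's send time as the receiver infers it
    payload: bytes


@dataclass
class Hop:
    name: str
    window: float = WINDOW
    consumed: Set[str] = field(default_factory=set)  # tickets already used

    def accept(self, msg: EarlyData, now: float) -> Tuple[bool, str]:
        """Freshness check, then single-use check, as a 0-RTT receiver would do."""
        if now - msg.sent_at > self.window:
            return False, "stale"
        if msg.ticket_id in self.consumed:
            return False, "replay"
        self.consumed.add(msg.ticket_id)
        return True, "accepted"


class Middlebox(Hop):
    def forward(self, msg: EarlyData, now: float) -> Optional[EarlyData]:
        """Accept the client's 0-RTT and re-send the payload upstream as fresh
        0-RTT under the middlebox's own ticket (assumed behaviour of a CDN)."""
        ok, _ = self.accept(msg, now)
        if not ok:
            return None
        return EarlyData(f"mb:{msg.ticket_id}", now, msg.payload)


def deliver_via_middlebox(hold_before_mb: float, hold_before_origin: float,
                          client_sent_at: float = 0.0) -> Optional[float]:
    """Attacker holds the client's 0-RTT for hold_before_mb seconds, then holds
    the middlebox's upstream 0-RTT for hold_before_origin seconds.
    Returns the time the origin accepts the payload, or None if it is rejected."""
    mb, origin = Middlebox("cdn"), Hop("origin")
    msg = EarlyData("t1", client_sent_at, b"POST /transfer")  # constructed
    t = client_sent_at + hold_before_mb
    upstream = mb.forward(msg, t)
    if upstream is None:
        return None
    t += hold_before_origin
    ok, _ = origin.accept(upstream, t)
    return t if ok else None


def replay_to_middlebox_blocked() -> bool:
    """With at-most-once at the middlebox, a second copy of the same client
    0-RTT is refused: stacking the windows requires delaying the original,
    not replaying it."""
    mb = Middlebox("cdn")
    msg = EarlyData("t1", 0.0, b"POST /transfer")  # constructed
    first = mb.forward(msg, 2.0)
    _, why = mb.accept(msg, 5.0)
    return first is not None and why == "replay"


if __name__ == "__main__":
    print("direct hop, held 10s  :", Hop("origin").accept(EarlyData("t1", 0.0, b"x"), 10.0))
    print("held 10s + 10s        :", deliver_via_middlebox(10.0, 10.0))  # accepted at t=20
    print("held 11s before CDN   :", deliver_via_middlebox(11.0, 0.0))   # None, stale
    print("replay to CDN blocked :", replay_to_middlebox_blocked())
```

Under these assumptions the origin accepts the payload at t = 20 s even though each hop individually honoured its 10 s window, and the only way the attacker gets there is by holding the original for the full first window, which is the observable delay the reply points at; nothing in the model gives the client a hard upper bound.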
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls