- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Wed, 23 Mar 2016 14:12:49 +1100
- To: Mike Bishop <Michael.Bishop@microsoft.com>
- Cc: Mark Nottingham <mnot@mnot.net>, Subodh Iyengar <subodh@fb.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>

On 23 March 2016 at 13:21, Mike Bishop <Michael.Bishop@microsoft.com> wrote:
> Idempotency is useful against short-time replay, like just resending until
> you get a response. However, 0-RTT would permit replay seconds, minutes, or
> more later, no?

As Subodh notes, there is a suggestion (one that hasn't been implemented) of including timestamps in the 0-RTT. That would limit replay to a very narrow window. That window would only widen to allow for errors in estimating the round trip time, and any amount that two clocks might drift relative to each other. I would hope that this would be seconds, probably something like 2s.

The open question part (at least to my mind) includes: who writes the PR; and which endpoint estimates the round trip time.

Received on Wednesday, 23 March 2016 03:13:16 UTC