On Fri, Aug 4, 2017 at 2:52 AM, Martin Thomson <martin.thomson@gmail.com>
wrote:
>
> Let me walk this back a little. I sat down and tried to see how
> inconsistent application of the defenses could be exploited and I drew
> a blank. It looks like the concerns here largely devolve to whether
> actions taken have side-effects.
>
> We could probably simplify the position then and say that if the
> request is safe to process, then that needs to be constant - different
> nodes at different times can't reach different conclusions. That's
> the consistency we need. If we don't have that, then an attacker can
> go shopping for someone to exploit.
>
I am fine with requiring the resource to be either always safe or always
unsafe, including:
1. Requiring this to be consistent across small-term timescales, and path
through which the request gets processed.
2. Banning resources which process the same request differently based on
whether it was received through 0-RTT or 1-RTT ("processing" here means
not rejecting).
I assume this means we no longer need to be able to find the early data
boundary on the wire?
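As an added illustration (not code from this thread or from any IETF draft), here is a small model of the invariant under discussion: a node's "safe to process" answer is a pure function of the request, the only alternative to processing is rejection (425 Too Early), and a check confirms that every node reaches the same conclusion for both 0-RTT and 1-RTT arrival. The resource catalogue, node names and the `lenient_early` misconfiguration flag are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed catalogue of side-effect-free resources. A node's answer must
# depend only on this table and the request, never on time or local state.
SAFE_RESOURCES = {("GET", "/status"), ("GET", "/catalog"), ("HEAD", "/catalog")}


@dataclass(frozen=True)
class Request:
    method: str
    path: str
    early_data: bool  # True if carried in TLS 1.3 0-RTT, False after handshake


@dataclass(frozen=True)
class Node:
    name: str
    lenient_early: bool = False  # hypothetical misconfiguration: process any 0-RTT request


def is_safe(method: str, path: str) -> bool:
    """Deterministic classification: same input gives the same answer on every node."""
    return (method, path) in SAFE_RESOURCES


def decide(node: Node, req: Request) -> str:
    """Return 'process' or 'reject'. Rejecting (HTTP 425 Too Early) is the only
    permitted outcome other than processing the request exactly as 1-RTT would."""
    if req.early_data and not node.lenient_early and not is_safe(req.method, req.path):
        return "reject"
    return "process"


def nodes_processing(req: Request, nodes) -> list:
    """Names of nodes that would execute this request. Under a consistent policy
    the answer is all of them or none; a mixed answer is the inconsistency the
    thread warns about, because a replayed 0-RTT flight is then processed by
    whichever node is lenient."""
    return [n.name for n in nodes if decide(n, req) == "process"]


def policy_consistent(nodes, resources) -> bool:
    """The invariant: for every resource and both arrival paths, every node
    reaches the same process/reject conclusion."""
    for method, path in resources:
        for early in (False, True):
            req = Request(method, path, early)
            if len({decide(n, req) for n in nodes}) > 1:
                return False
    return True
```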