- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Mon, 4 Dec 2017 11:57:58 +1100
- To: Victor Vasiliev <vasilvv@google.com>
- Cc: Willy Tarreau <w@1wt.eu>, Patrick McManus <mcmanus@ducksong.com>, HTTP Working Group <ietf-http-wg@w3.org>, mnot <mnot@mnot.net>

On Mon, Dec 4, 2017 at 11:53 AM, Victor Vasiliev <vasilvv@google.com> wrote:
> On Fri, Dec 1, 2017 at 2:47 PM, Willy Tarreau <w@1wt.eu> wrote:
>>
>> That's exactly why it's requested that all servers are configured
>> consistently. As you demonstrated, as long as "all of them" is granted
>> regardless of the decision, the processing is safe. What is important
>> is that you can't end up in a situation that starts with "some servers".
>>
>> Willy
>>
>
> That's what I thought. But Martin's email makes it sound like there is a
> reason to discard early data when it's received after handshake completion,
> instead of treating it as replay-secure.

If there is a chance that you would have accepted (and processed)
those packets prior to handshake completion, you have an exposure.
This is just another case of the consistency requirement.

Received on Monday, 4 December 2017 00:58:21 UTC