Skip to content

Commit

Permalink
Take text from Martin for impact of cache state attack
Browse files Browse the repository at this point in the history
  • Loading branch information
@huitema
huitema committed Aug 6, 2021
1 parent a56a2f9 commit 3d97f33
Showing 1 changed file with 2 additions and 3 deletions.
5 changes: 2 additions & 3 deletions draft-ietf-dprive-dnsoquic.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -721,9 +721,8 @@ The freshness tests ensure that 0-RTT data can only be
successfully replayed if the delay from the creation of the
Connection Request to its arrival at the server does not exceed "a certain amount"
-- a parameter of the TLS implementation at the server.
The exposure to cache state attacks by means of 0-RTT replay
is reduced if this "certain amount" is small compared to
commonly used values of the cached records TTL.
The impact of cache state attacks by means of 0-RTT replay will be limited if this
"certain amount" is smaller than commonly used values of the cached records TTL.

This comment has been minimized.

Sign in to view

Copy link
@martinthomson

martinthomson Aug 8, 2021

Collaborator

You are assuming some relationship between the two values that I don't think holds. The key thing is that the window be small, not small relative to the TTL, but just small. The only thing that matters is the number of replay attempts the attacker is able to mount.

## Privacy Issues With Session Resumption

Expand Down

0 comments on commit 3d97f33

Please sign in to comment.