
Introducing Zero Round Trip Time Resumption (0-RTT) - jgrahamc
https://blog.cloudflare.com/introducing-0-rtt/
======
hannob
This is gonna be interesting.

TLS 1.3 removes a whole lot of problematic constructions and greatly improves
security. However, 0-RTT is the only piece that looks like a candidate to
introduce new security problems, because it can allow replay attacks.

I'm pretty much waiting for some interesting attacks based on that showing up.
But from the severity I expect things more like POODLE or BEAST (== relatively
complicated to exploit) and less like Heartbleed.

(To be clear: I don't blame CF for enabling it, they have the problem on the
radar and seem to take some precautions, as you can read in the blogpost.)

------
phlo
Nick and Filippo also went into some more detail at their (excellent) 33c3
talk in December:
[https://media.ccc.de/v/33c3-8348-deploying_tls_1_3_the_great...](https://media.ccc.de/v/33c3-8348-deploying_tls_1_3_the_great_the_good_and_the_bad)

