TLS 1.3 removes a whole lot of problematic constructions and greatly improves security. However, 0-RTT is the only piece that looks like a candidate to introduce new security problems, because it can allow replay attacks.
I'm pretty much waiting for some interesting attacks based on that showing up. But from the severity I expect things more like POODLE or BEAST (== relatively complicated to exploit) and less like Heartbleed.
(To be clear: I don't blame CF for enabling it, they have the problem on the radar and seem to take some precautions, as you can read in the blogpost.)
TLS 1.3 removes a whole lot of problematic constructions and greatly improves security. However, 0-RTT is the only piece that looks like a candidate to introduce new security problems, because it can allow replay attacks.
I'm pretty much waiting for some interesting attacks based on that showing up. But from the severity I expect things more like POODLE or BEAST (== relatively complicated to exploit) and less like Heartbleed.
(To be clear: I don't blame CF for enabling it, they have the problem on the radar and seem to take some precautions, as you can read in the blogpost.)