Open fluffy opened 3 months ago
Is it safe? I think replaying an ANNOUNCE message would be disruptive, taking down the existing broadcast.
Agree with Luke. If you want a different application layer to use TLS 0-RTT then I'd expect an analysis along the lines of https://www.rfc-editor.org/rfc/rfc8470.html
I suspect the only message even eligible for this is CLIENT_SETUP which is probably safe but the analysis needs to be done. I'm assuming the client can not send any other messages before the SERVER_SETUP or whatever the response is the CLIENT_SETUP. I agree ANNOUCE is not safe. We just need to look at others.
Anyways, agree we we need to do the analysis and put that in the security section.
Note in the draft that raw QUIC can to 0-RTT moq setup but webtransport does not support this. Add text to security section of why this is safe.