undefined | Better HN

0 pointskortex2y ago0 comments

That interferes with the ability to send multiple requests in-flight at the same time.

0 comments

Good point. Timestamps probably have a much better set of tradeoffs.

There could be a window: the last N sequence numbers are kept in a set, where N is higher than the number of concurrent requests.

willvarfar2y ago

Doesn't the server discarding requests with the timestamp beyond a threshold already do windowing but statelessly?

tommiegannert2y ago

I responded to this:

>> Timestamps can be vulnerable to clock attacks, right? Why not just include a monotonically increasing request number along with the nonce in each request?

> That interferes with the ability to send multiple requests in-flight at the same time.

I.e. it was assumed there was a sequence number, and I refuted that it disallows concurrent requests.

In general, I agree a signed timestamp is fine.

j / k navigate · click thread line to collapse

0 comments

apitman2y ago

Good point. Timestamps probably have a much better set of tradeoffs.

tommiegannert2y ago

There could be a window: the last N sequence numbers are kept in a set, where N is higher than the number of concurrent requests.

willvarfar2y ago

Doesn't the server discarding requests with the timestamp beyond a threshold already do windowing but statelessly?

tommiegannert2y ago

I responded to this:

>> Timestamps can be vulnerable to clock attacks, right? Why not just include a monotonically increasing request number along with the nonce in each request?

> That interferes with the ability to send multiple requests in-flight at the same time.

I.e. it was assumed there was a sequence number, and I refuted that it disallows concurrent requests.

In general, I agree a signed timestamp is fine.

j / k navigate · click thread line to collapse