|
|
|
|
|
|
by tommiegannert
969 days ago
|
|
|
I responded to this: >> Timestamps can be vulnerable to clock attacks, right? Why not just include a monotonically increasing request number along with the nonce in each request? > That interferes with the ability to send multiple requests in-flight at the same time. I.e. it was assumed there was a sequence number, and I refuted that it disallows concurrent requests. In general, I agree a signed timestamp is fine. |
|
|