by bawolff 236 days ago
> Has it been demonstrated at all that someone who intercepts a session key is able to somehow inject into a conversation? It seems highly unlikely to me with TCP over the internet.

If you can read the TLS session in general, you can capture the TLS session ticket and then use that to make a subsequent connection. This is easier as you don't have to be injecting packets live or make inconvenient packets disappear.

1 comments

It seems like detecting a re-use like this should be reasonably easy, it would not look like normal traffic and we could flag this to our surveillance systems for additional checks on these transactions. In a post-quantum world, this seems like something that would be everywhere anyway (and presumably, we would be using some other algo by then too).

Somehow, I'm not all that scared. Perhaps I'm naive.. :}

> It seems like detecting a re-use like this should be reasonably easy, it would not look like normal traffic

I don't see why it wouldn't look like normal traffic.

> Somehow, I'm not all that scared. Perhaps I'm naive.. :}

We're talking about an attack that probably won't be practical for another 20 years, which already has countermeasures that are in testing right now. Almost nobody should be worried about it.