by huhtenberg 4575 days ago
> this protocol is the result of thoughtful and prolonged work of professionals.

Pray tell, why is replay protection done after decryption?


In terms of DoS possibilities, one doesn't need to replay old messages, they could just as easily send new ones or random garbage.

We could employ additional filtering techniques, but that increases processing time. And since modern hardware allows for very fast AES decryption, there is no particular gain in building additional layers of protection.

All that, naturally, implies that other anti-DoS measures are also being used.

Replay protection isn't about DoS attacks. Replay protection is about re-injecting previous messages to confuse the recipient.
Well, you just made it painfully clear that at least one member of your team doesn't understand what a replay is.

In light of that, why would anyone in their right mind use a security product your organization developed?
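
The distinction argued above, as an added example that is not part of the thread and not Telegram's code: random garbage fails authentication, while a verbatim copy of a captured valid message passes it and is only stopped by a sequence-number window. The framing, key, window size and all names are assumptions for illustration, and HMAC verification stands in for authenticated decryption.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key (assumption)
WINDOW = 64                    # assumed window: how far behind the newest seq is accepted

def seal(seq, payload, key=KEY):
    """Sender: 8-byte big-endian sequence number + payload + HMAC-SHA256 tag."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key=KEY):
        self.key = key
        self.highest = -1  # highest sequence number accepted so far
        self.seen = 0      # bit i set => sequence (highest - i) already accepted

    def accept(self, packet):
        if len(packet) < 8 + 32:
            return "reject: malformed"
        body, tag = packet[:-32], packet[-32:]
        # Step 1: authenticate. Garbage and forgeries stop here.
        if not hmac.compare_digest(tag, hmac.new(self.key, body, hashlib.sha256).digest()):
            return "reject: bad tag"
        # Step 2: replay check. A verbatim copy of a valid packet reaches this point.
        seq = struct.unpack(">Q", body[:8])[0]
        if seq > self.highest:
            shift = seq - self.highest
            self.seen = 1 if shift >= WINDOW else ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
            return "accept"
        offset = self.highest - seq
        if offset >= WINDOW:
            return "reject: too old"
        if (self.seen >> offset) & 1:
            return "reject: replay"
        self.seen |= 1 << offset
        return "accept"

def demo():
    rx = Receiver()
    m0, m1, m2 = (seal(i, b"transfer #%d" % i) for i in range(3))
    garbage = bytes(48)  # constructed junk, long enough to parse
    # In-order, out-of-order, replayed copy of m1, then junk.
    return [rx.accept(p) for p in (m0, m2, m1, m1, garbage)]

if __name__ == "__main__":
    print(demo())
```
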

Please mind that the Telegram team are not native English speakers.
Ah, that makes more sense than them not knowing what a replay is. Their writing is good enough that I didn't notice they weren't from an English-speaking country.