On replay, the main finding is that what’s in the draft is not workably secure, and the review includes 5 different attacks against 0-RTT data to illustrate that.

https://github.com/tlswg/tls13-spec/issues/1001

source: green