On Sun, Jul 19, 2015 at 02:56:22PM +0200, Eric Rescorla wrote:
> I'm not seeing a lot of value here. Remember that servers are not
> required (and have never been required) to do session resumption, but
> much of the overhead of doing it (having to have a database, session
> ticket machinery) is associated with being willing to do session
> resumption at all, so if a small fraction of clients would tell
> you that they're not interested in resumption, it's not clear that
> buys you much.
>
> Are there any server operators who think this is a useful feature
> and can explain why?
These days, I'm operating servers that only support session tickets
(no server-side cache). If the client does not send the session
ticket extension, no session is cached.
So for servers that elect the same strategy, there's no need for
a separate means to signal the client's intentions.
--
Viktor.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
