On Mon, Mar 14, 2016 at 12:32:51PM -0700, Eric Rescorla wrote:

> As far as I can tell, there's no protocol difference between "stateful" and
> "stateless" resumption. You use the same techniques (a replay cache) and the
> question is merely whether the server actually maintains one.

Experience with "replay caches" in Kerberos shows that they don't work
in the vast majority of cases. Protocols need to be safe without replay
caches.

--
Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls