https://github.com/tlswg/tls13-spec/pull/461
It could probably use some cleaning up ("PSK/session ticket"). Do we also want a sentence explaining the issue?

Kyle

On Thu, May 19, 2016 at 2:31 PM, Eric Rescorla <e...@rtfm.com> wrote:
> Yes, I think this would be good text. PR wanted :)
>
> -Ekr
>
> On Thu, May 19, 2016 at 11:19 AM, Kyle Rose <kr...@krose.org> wrote:
>>
>> Regarding the ability for passive observers' tracking of clients
>> across connections (and potentially across IPs) via a session ticket
>> used more than once, should there be any language around recommended
>> practice here, especially for clients?
>>
>> An appropriately-configured server can help the client avoid this
>> problem without performance penalty by issuing a new session ticket on
>> every connection (for non-overlapping handshakes) and/or multiple on
>> one (to cover that gap), and a client can help by keeping only the
>> most recent ticket for a particular session and/or using a given
>> ticket only once.
>>
>> Thoughts on adding language under "Implementation Notes" such as:
>>
>> "Clients concerned with privacy against tracking by passive observers
>> SHOULD use a PSK/session ticket at most once. Servers SHOULD issue
>> more than one session ticket per handshake, or issue a new session
>> ticket on every resumption handshake, to assist in the privacy of the
>> client while maintaining the performance advantage of session
>> resumption."
>>
>> For pure PSK I assume tracking is less of an issue, but I'm happy to
>> entertain thoughts there, as well.
>>
>> Kyle
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
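A small simulation of the guidance discussed in this thread, added here as an example (it is not code from the thread, the TLS working group or the tls13-spec pull request). The ticket cache, the simulate() function and the server name example.test are constructed for illustration; it shows, for each combination of client single-use and server re-issuance, how many connections resume and which ones a passive observer can link by seeing the same ticket on the wire more than once.

```python
import os
from collections import defaultdict

SERVER = "example.test"   # constructed server name for the simulation


class TicketCache:
    """Client-side store that keeps only the newest unused ticket per server."""

    def __init__(self):
        self._newest = {}

    def store(self, server, ticket):
        self._newest[server] = ticket        # a newer ticket replaces the old one

    def take(self, server, single_use):
        # single_use: pop() removes the ticket so it can never be sent twice
        if single_use:
            return self._newest.pop(server, None)
        return self._newest.get(server)


def simulate(connections, client_single_use, server_reissues):
    """Run `connections` handshakes against SERVER and return (resumed, linked):
    how many handshakes resumed, and the groups of connection indices a passive
    observer can tie together because the same ticket (sent in the clear as the
    PSK identity) appeared on more than one of them."""
    cache = TicketCache()
    seen = defaultdict(list)                 # ticket -> connections it was sent on
    resumed = 0
    for conn in range(connections):
        ticket = cache.take(SERVER, client_single_use)
        if ticket is None:
            # Full handshake: nothing linkable on the wire; server issues a ticket
            cache.store(SERVER, os.urandom(16))
            continue
        resumed += 1
        seen[ticket].append(conn)
        if server_reissues:
            # Server hands out a fresh ticket on every resumption handshake
            cache.store(SERVER, os.urandom(16))
    linked = [group for group in seen.values() if len(group) > 1]
    return resumed, linked


if __name__ == "__main__":
    for client_once in (True, False):
        for reissue in (True, False):
            resumed, linked = simulate(4, client_once, reissue)
            print(f"client single-use={client_once!s:5} server reissues={reissue!s:5}"
                  f" -> {resumed} of 3 resumed, linked: {linked}")
```

The only configuration that both resumes every connection and leaves the observer nothing to link is when at least one side follows the proposed text; a single-use client without a re-issuing server stays unlinkable but pays for it with a full handshake every other connection.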