On Thu, May 19, 2016 at 3:05 PM, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
> I think this is much too complicated. Simpler solution is for
> clients (browsers and the like for which tracking is an issue) to
> not reuse sessions when their IP address changes

I don't think this is sufficient. Reusing session tickets will reveal distinguishing information about individual clients behind NAT exit points, for instance, even when their internal/RFC1918 addresses don't change.

> The burden of tracking counter-measures should fall squarely on
> the client.

I agree that it's up to the client, but there are measures the server can take to assist the client while not adding to its full handshake burden. IOW, it helps the server, as well.

Kyle

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls