On Thu, May 19, 2016 at 11:31:53AM -0700, Eric Rescorla wrote:

> Yes, I think this would be good text. PR wanted :)

I think this is much too complicated. A simpler solution is for clients (browsers and the like for which tracking is an issue) to not reuse sessions when their IP address changes, and/or keep session lifetime suitably short on the client end. In addition, implementing a short "idle timeout" for sessions on the client side would be quite effective.

The burden of tracking counter-measures should fall squarely on the client.

--
Viktor.
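
The three client-side rules proposed in the message above (no resumption after an IP address change, a short overall session lifetime, and a short idle timeout), sketched as a resumption cache. This is an added example, not code from the message or from any TLS library; the class and method names are hypothetical and the timeout values are illustrative assumptions.

```python
import time
from dataclasses import dataclass


@dataclass
class CachedSession:
    ticket: bytes      # opaque resumption state (ticket or session ID)
    local_ip: str      # client address when the session was established
    created: float     # time the full handshake completed
    last_used: float   # time of the most recent successful resumption


class ResumptionCache:
    """Client-side cache that declines resumption when it would link activity."""

    def __init__(self, max_lifetime=3600.0, idle_timeout=300.0):
        # Both limits are illustrative values, not taken from the message.
        self.max_lifetime = max_lifetime
        self.idle_timeout = idle_timeout
        self._sessions = {}

    def store(self, server, ticket, local_ip, now=None):
        now = time.time() if now is None else now
        self._sessions[server] = CachedSession(ticket, local_ip, now, now)

    def lookup(self, server, local_ip, now=None):
        """Return (ticket, reason); ticket is None when a full handshake is needed."""
        now = time.time() if now is None else now
        s = self._sessions.get(server)
        if s is None:
            return None, "no-session"
        if s.local_ip != local_ip:
            reason = "ip-changed"          # new network: do not link to the old one
        elif now - s.created > self.max_lifetime:
            reason = "lifetime-expired"    # cap on how long one identifier lives
        elif now - s.last_used > self.idle_timeout:
            reason = "idle-timeout"        # separate visits are not linked
        else:
            s.last_used = now
            return s.ticket, "resumed"
        # Discard the state so the old identifier is never offered again.
        del self._sessions[server]
        return None, reason
```
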