On 24 June 2016 at 01:05, David Benjamin <david...@chromium.org> wrote: > I don't think this matters. Just don't reuse tickets. But, if we cared, per > the "dumbest possible thing that might work" school of thought, we can > replace XOR with addition modulo 2^32. Now ticket reuse leaks the delta > between two ClientHellos, which, precision aside, was already public > information from the receive time (with ticket as correlator). The timestamp > of the ticket-minting connection is as secret as before.
That sounds like fine reasoning to me. XOR or addition are both easy enough to specify. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
