On 04/07/16 20:54, Nikos Mavrogiannopoulos wrote: > > where id is sent by the server to the client either via an extension, or > by simply assuming that the client will copy and keep the ID seen at the > server packets (it doesn't really matter that this ID is unprotected as > it doesn't contribute nor affect the security in any way).
Does that id need to be static? If so, then it'd act as an additional way to track a user roaming over different IP and ports. That'd be a pity. If such an id is useful, maybe there's a way to allow it to change as well, in a way predictable for the server. S.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
