On Tue, 2016-07-05 at 15:24 +0100, Stephen Farrell wrote:
> it doesn't contribute nor affect the security in any way).
> > > Does that id need to be static? If so, then it'd act as an
> > > additional way to track a user roaming over different IP and
> > > ports. That'd be a pity. If such an id is useful, maybe there's
> > > a way to allow it to change as well, in a way predictable for
> > > the server.
> > Could be, but I don't have a use case for such
> Hmm. I'd hope we can all share a use case of being more
> privacy-friendly where possible and of not introducing
> changes that are privacy-unfriendly unless absolutely
> unavoidable.
Thank you, now I understand your concern. However, I would like to point out that a static identifier does not make the situation any worse than what we have today. DTLS over UDP (or any other layer) is not anonymous, and DTLS as a protocol was never meant to be.

Moreover, any method to have a dynamic identifier should be of a complexity that would make such an approach reasonable for a server to calculate without state (the problem this identifier solves is that a server doesn't know to which client this session belongs on receipt of a packet, thus it would have to calculate any dynamic identifiers without any state).

regards,
Nikos

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls