Hi Ilari,

On 08/07/2016 14:25, "ilariliusva...@welho.com on behalf of Ilari Liusvaara" <ilariliusva...@welho.com> wrote:

> However, turns out this doesn't actually work as well as hoped in
> practice. The problem is that client can't really change address voluntarily
> (even if it is behind CGNAT, it probably can't change the outgoing address
> until CGNAT triggers involuntary rebinding, and client can't react to
> such rebindings fast enough).
You are right. If the client doesn't know that a re-bind has happened and therefore sends data using the same Id, it's trackable. In this case I think the trade-off you are making is letting the session survive even though you are potentially trackable. This is probably Nikos' use case.

> So it would be limited to cases where the client has non-NAT connection
> and is renumbered. And such pretty rarely happens.

My use case is an IoT device that voluntarily (or better, knowingly) migrates its attachment from IP to GSM-SMS and vice versa and wants to keep the (painfully) negotiated session open. Here the client is in complete control of the situation and can do the Id rollover at the right point in time.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
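The linkability argument in the exchange above, as an added toy model that is not part of the thread and not code from the DTLS connection-id draft or from either poster. It assumes only that every record carries its connection id in the clear and that a passive observer can pair that id with the source address it arrives from; the `Record`, `Observer` and `Client` types, the address strings and the 8-byte id length are all constructed for the example. The three cases from the discussion are simulated: a CGNAT rebind the client never notices, a knowing migration from IP to SMS with the id rolled over beforehand, and the same migration keeping the old id.

```python
"""Toy model of connection-id linkability across address changes.

Added example for this thread, not code from the DTLS connection-id draft or
from either poster. A passive observer records (source address, connection id)
pairs and links two addresses when one id has been seen from both. The three
cases discussed above are simulated:

  1. involuntary CGNAT rebind the client does not notice  -> linkable
  2. knowing migration with an id rollover before the move -> not linkable
  3. knowing migration that keeps the old id               -> linkable

Addresses, id length and the Record type are constructed for the example and
are not DTLS wire format.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional
import secrets


@dataclass(frozen=True)
class Record:
    src: str      # transport address as seen on the wire (constructed)
    cid: bytes    # connection id, carried in the clear on every record


class Observer:
    """Passive on-path observer that correlates addresses by connection id."""

    def __init__(self) -> None:
        self.addrs_by_cid = defaultdict(set)   # cid -> set of source addresses

    def see(self, rec: Record) -> None:
        self.addrs_by_cid[rec.cid].add(rec.src)

    def linked(self, a: str, b: str) -> bool:
        return any(a in srcs and b in srcs for srcs in self.addrs_by_cid.values())


@dataclass
class Client:
    """Client end of a session that carries a connection id on each record."""
    addr: str                                   # address the client believes it sends from
    cid: bytes = field(default_factory=lambda: secrets.token_bytes(8))
    spare: Optional[bytes] = None               # next id, agreed with the server in advance

    def send(self, obs: Observer, actual_src: Optional[str] = None) -> None:
        # actual_src models a NAT rewriting the source address without the client knowing.
        obs.see(Record(actual_src or self.addr, self.cid))

    def agree_spare(self) -> None:
        # In the real protocol the new id travels encrypted over the existing path,
        # so the observer does not learn it; modeled here as a fresh random value.
        self.spare = secrets.token_bytes(8)

    def migrate(self, new_addr: str, rollover: bool) -> None:
        if rollover:
            if self.spare is None:
                raise RuntimeError("agree a new id over the old path before moving")
            self.cid, self.spare = self.spare, None   # old id is never used from the new address
        self.addr = new_addr


OLD_IP = "203.0.113.10:40000"      # constructed addresses (documentation range)
REBOUND_IP = "203.0.113.77:51234"
SMS = "sms:+15555550100"


def cgnat_rebind_linkable() -> bool:
    """Case 1: the NAT rebinds silently; the client keeps sending with the same id."""
    obs, c = Observer(), Client(OLD_IP)
    c.send(obs)
    c.send(obs, actual_src=REBOUND_IP)  # client still thinks it is at OLD_IP
    return obs.linked(OLD_IP, REBOUND_IP)


def migration_linkable(rollover: bool) -> bool:
    """Cases 2 and 3: the client knowingly moves from IP to SMS, with or without rollover."""
    obs, c = Observer(), Client(OLD_IP)
    c.send(obs)
    c.agree_spare()                     # done while still on the old path
    c.migrate(SMS, rollover=rollover)
    c.send(obs)
    return obs.linked(OLD_IP, SMS)


if __name__ == "__main__":
    for label, result in (("CGNAT rebind, same id     ", cgnat_rebind_linkable()),
                          ("migration with rollover   ", migration_linkable(True)),
                          ("migration without rollover", migration_linkable(False))):
        print(label, ":", "linkable" if result else "not linkable")
```

Two caveats the model makes explicit: the rollover only helps if the replacement id is agreed over the old path and the old id is never sent from the new address, which is exactly the step a client cannot take when it does not know a rebind happened; and this observer correlates by id alone, so timing, record sizes and the unchanged server address could still link the two paths in practice.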