On Mon, Sep 26, 2016 at 4:09 PM, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
>
> There are other ways to accomplish this. For example, the server might
> use session ticket keys that are stored centrally encrypted under a
> suitable escrow key. If clients always enable session tickets, then
> every handshake will result in the server returning a session ticket,
> in which case the session can be later decrypted if the session ticket
> keys are available.
>

This actually doesn't work in TLS 1.3 because the resumption master secret is not sufficient to decrypt the connection in which it was established.

-Ekr

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
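
Added example, not part of the original message: a sketch of the TLS 1.3 key schedule showing why the resumption master secret does not open the connection that produced it. It assumes the labels and structure of the final RFC 8446 (section 7.1), which postdates this thread, uses SHA-256, and runs on constructed inputs rather than real handshake data.

```python
import hashlib, hmac

HLEN = hashlib.sha256().digest_size
ZEROS = bytes(HLEN)

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def expand_label(secret: bytes, label: bytes, context: bytes, length: int = HLEN) -> bytes:
    """HKDF-Expand-Label (RFC 8446 7.1); one HMAC block covers length <= 32."""
    full = b"tls13 " + label
    info = length.to_bytes(2, "big") + bytes([len(full)]) + full + bytes([len(context)]) + context
    return hmac.new(secret, info + b"\x01", hashlib.sha256).digest()[:length]

def derive_secret(secret: bytes, label: bytes, messages: bytes) -> bytes:
    return expand_label(secret, label, hashlib.sha256(messages).digest())

def early_secret(psk: bytes = ZEROS) -> bytes:
    return hkdf_extract(ZEROS, psk)

def session_secrets(ecdhe: bytes, to_server_fin: bytes, to_client_fin: bytes,
                    psk: bytes = ZEROS) -> dict:
    """Secrets of one connection; each output is a one-way expansion of the master secret."""
    hs = hkdf_extract(derive_secret(early_secret(psk), b"derived", b""), ecdhe)
    master = hkdf_extract(derive_secret(hs, b"derived", b""), ZEROS)
    return {
        "c_ap_traffic": derive_secret(master, b"c ap traffic", to_server_fin),
        "s_ap_traffic": derive_secret(master, b"s ap traffic", to_server_fin),
        # Sibling of the traffic secrets: neither can be computed from the other.
        "res_master": derive_secret(master, b"res master", to_client_fin),
    }

def ticket_psk(res_master: bytes, ticket_nonce: bytes) -> bytes:
    """What a session ticket protects: the PSK for a later connection."""
    return expand_label(res_master, b"resumption", ticket_nonce)

# Constructed inputs (placeholders for the ECDHE output and handshake transcripts).
first = session_secrets(b"\x11" * 32, b"CH..server Finished", b"CH..client Finished")

# Someone holding the escrowed ticket key learns only this PSK ...
psk = ticket_psk(first["res_master"], b"\x00")

# ... which seeds the *next* connection. With (EC)DHE resumption that connection
# also mixes in a fresh ECDHE secret, so the PSK alone does not open it either.
resumed = session_secrets(b"\x22" * 32, b"CH2..server Finished",
                          b"CH2..client Finished", psk=psk)
```

Recovering `c_ap_traffic` or `s_ap_traffic` of the first connection from `res_master` would require inverting HKDF-Expand to get back to the master secret.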