On 13 March 2017 at 10:55, Brian Smith <br...@briansmith.org> wrote:
>> So, I'd prefer to bring session IDs back, and
>> to arrange things so that they're always server-generated.
>
> Even in earlier versions, session IDs were not required with
> resumption using tickets. The server sends an empty session ID and the
> client may (should, IMO) send an empty session ID in the resumption
> hello.

This is true, but I believe that there are compatibility reasons to send the session ID anyway. I don't know the details, but it probably comes down to the load balancing thing that Ivan is asking about. All told, this was a mess in previous versions. Now we at least have a hope of maintaining unlinkability.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls