On Tue, May 02, 2017 at 01:33:37PM -0400, Viktor Dukhovni wrote: > > On May 2, 2017, at 10:44 AM, Colm MacCárthaigh <c...@allcosts.net> wrote: > > https://github.com/tlswg/tls13-spec/issues/1001 > > > > I'll summarize the summary: Naturally the focus was on forward > > secrecy and replay. On forward secrecy the main finding was that > > it's not necessary to trade off Forward Secrecy and 0-RTT. A > > single-use session cache can provide it, and with the modification > > that ekr has created in https://github.com/tlswg/tls13-spec/pull/998 > > , such a cache works for both pre-auth and post-auth tickets, and it > > allows clients to build up pools of meaningfully distinct tickets.
With existing APIs, dealing with "pools of meaningfully distinct tickets" seems meaningfully non-trivial. > > There's also an observation there that it should really be that > > clients "MUST" use tickets only once. Any re-use likely discloses > > the obfuscated ticket age, which is intended to be secret. Right now > > it's a "SHOULD". Why should ticket age disclosure be a problem? How does ticket one-time use not do the same? > Well, just a few days ago there was a discussion of ticket re-use, and > I was re-assured that ticket re-use was likely to going to work just > fine... I sure hope so!! Nico -- _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
