On Tue, May 2, 2017 at 10:39 AM, Nico Williams <n...@cryptonector.com> wrote:
> With existing APIs, dealing with "pools of meaningfully distinct > tickets" seems meaningfully non-trivial. > I would actually prefer if the client could request N tickets, but was advised that this was too large a change to the protocol. > > There's also an observation there that it should really be that > > > clients "MUST" use tickets only once. Any re-use likely discloses > > > the obfuscated ticket age, which is intended to be secret. Right now > > > it's a "SHOULD". > > Why should ticket age disclosure be a problem? How does ticket one-time > use not do the same? > The draft writes that it is to prevent connection correlation attacks. -- Colm
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
