On Tue, May 2, 2017 at 11:00 AM, Nico Williams <n...@cryptonector.com> wrote:
> I would think that the ticket itself is enough for that when using > 0-rtt. I.e., if you don't want connection correlation to be possible, > you can't use 0-rtt. I don't think so. If the ticket is encrypted when it issued, I don't follow how it could be used to correlate the original connection with the 0-RTT connection. -- Colm
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
