> On May 2, 2017, at 2:15 PM, Colm MacCárthaigh <c...@allcosts.net> wrote:
>
> In that case, the only reason I see to stop using tickets multiple times is to
> protect the obfuscated age. It reads to me like its purpose would just be
> defeated. Is it really that hard for clients to use a 1-for-1
> use-a-ticket-get-a-ticket approach?

Yes, it is difficult to do 1-for-1. In postfix there are parallel client
processes reading a shared session cache, and parallel writers updating
that cache, and without major changes to the code, when two writers
update the cache back to back only one ticket (really SSL_SESSION
object) is saved. Under load, many clients would not find a ticket
at all.

--
        Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
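A simplified model of the cache behaviour described in the reply above, added here as an example; it is not Postfix code. It assumes one cache slot per destination where the last writer wins, a fixed number of overlapping client handshakes per round, and one new ticket issued per handshake; all names are hypothetical.

```python
# Toy model (assumption): a shared session cache with ONE slot per destination.
# Back-to-back writers overwrite each other, so only the last ticket is kept.

class SharedSessionCache:
    def __init__(self):
        self.slot = None

    def lookup(self, single_use):
        """Return the cached ticket; under 1-for-1 the read consumes it."""
        ticket = self.slot
        if single_use:
            self.slot = None
        return ticket

    def store(self, ticket):
        """Last writer wins: any previously stored ticket is lost."""
        self.slot = ticket


def simulate(rounds, parallel, single_use):
    """Run `rounds` bursts of `parallel` overlapping client handshakes.

    Returns (resumed, full): handshakes that found a ticket versus
    handshakes that had to fall back to a full handshake.
    """
    cache = SharedSessionCache()
    cache.store("ticket-0")          # constructed seed ticket
    resumed = full = serial = 0
    for _ in range(rounds):
        # Handshakes overlap: every client reads the cache before any
        # of them has written its new ticket back.
        found = [cache.lookup(single_use) for _ in range(parallel)]
        for ticket in found:
            if ticket is None:
                full += 1
            else:
                resumed += 1
            serial += 1
            cache.store(f"ticket-{serial}")   # each handshake yields one ticket
    return resumed, full


def resumption_rate(rounds, parallel, single_use):
    resumed, full = simulate(rounds, parallel, single_use)
    return resumed / (resumed + full)


if __name__ == "__main__":
    for parallel in (1, 2, 8):
        print(parallel,
              "reuse:", resumption_rate(100, parallel, False),
              "1-for-1:", resumption_rate(100, parallel, True))
```

In this model the 1-for-1 resumption rate falls to 1/N for N overlapping clients, while a reusable ticket keeps every handshake resumable.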