On Tue, May 2, 2017 at 1:52 PM, Daniel Kahn Gillmor <d...@fifthhorseman.net> wrote:
> On Tue 2017-05-02 14:57:54 -0500, Nico Williams wrote: > > Well, I did say that to me there's not much difference to _me_ between > > "connections reusing the same ticket can be correlated to each other" > > and "connections reusing the same ticket can be correlated to each other > > and the connection whence the ticket". Others might disagree, > > I disagree, Nico! :) > > The difference here is between saying: > > * clients that want the latency benefit of session resumption can be > careful to avoid ticket reuse and their connections will be > unlinkable to a network observer who records session IDs. > versus: > > * clients that want the latency benefit of session resumption must > accept that a network observer can trivially know that each > connection is linkable to the previous one. > Agreed with your summary, but just a small note: clients might also want forward secrecy which is why I was suggesting that clients be able to request/enforce a STEK-less ticket. -- Colm
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
