On Tue, May 02, 2017 at 04:52:17PM -0400, Daniel Kahn Gillmor wrote: > On Tue 2017-05-02 14:57:54 -0500, Nico Williams wrote: > > Well, I did say that to me there's not much difference to _me_ between > > "connections reusing the same ticket can be correlated to each other" > > and "connections reusing the same ticket can be correlated to each other > > and the connection whence the ticket". Others might disagree, > > I disagree, Nico! :)
Excellent. So now consider what followed the above. That is, that the correct thing to do is to properly encrypt a timestamp rather than XOR an OTP that then gets reused when the ticket gets reused. Why on Earth are still doing improper crypto in TLS?!‽ In TLS 1.3 no less! Call it "janky", call it what you will. It's broken. Please fix. Nico -- _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
