On Wed, May 03, 2017 at 12:10:12PM -0400, Viktor Dukhovni wrote:

> > On May 3, 2017, at 12:01 PM, Salz, Rich <rs...@akamai.com> wrote:
> >
> > The protocol design should avoid setting traps for the unwary.
>
> No, that responsibility falls on libraries.  STEKs are not a trap for the
> unwary.  Libraries that support static session tickets by default can be
> viewed as such a trap.  So the onus to fix this is on us (OpenSSL team)
> not the TLS protocol.

A big +1 to this.  I think it would be terrible if we couldn't have resumption
at all because one common implementation mishandles old key deletion.

Nico

--
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
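The key-lifecycle discipline the thread is arguing about, as an added illustration that is not code from this thread, from OpenSSL, or from any TLS library: a server-side ring of session ticket encryption keys in which exactly one key seals new tickets, a retired key is kept for decryption only until every ticket it could have sealed has expired, and it is then deleted. The class and function names (`StekRing`, `seal`, `open`), the ticket layout, the chosen lifetime, and the fake clock are all assumptions made for this example; the HMAC-SHA256 counter-mode stream cipher is a stand-in used only so the example runs on the Python standard library, where a real ticket implementation would use an AEAD.

```python
import hashlib
import hmac
import os
import struct
import time
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass
class Stek:
    name: bytes               # 16-byte public identifier written into each ticket
    secret: bytes             # 32-byte secret that never leaves the server
    retired: Optional[float]  # when this key stopped sealing tickets (None = current)


def _subkey(secret: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from one STEK secret.
    return hmac.new(secret, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in stream cipher: HMAC-SHA256 in counter mode (example only;
    # a real implementation would use an AEAD such as AES-GCM).
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(enc_key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


class StekRing:
    """Hypothetical rotating STEK store (not any library's real implementation).

    The current key seals new tickets. A retired key is held only while a ticket
    it sealed could still be valid, i.e. until retired + lifetime, and is then
    deleted, so old keys cannot unwrap old sessions indefinitely.
    """

    def __init__(self, lifetime: float, now: Callable[[], float] = time.time):
        self.lifetime = lifetime   # maximum ticket validity, in seconds
        self.now = now             # injectable clock so rotation can be tested
        self.keys: List[Stek] = []
        self.rotate()

    def rotate(self) -> None:
        t = self.now()
        if self.keys:
            self.keys[0].retired = t
        self.keys.insert(0, Stek(os.urandom(16), os.urandom(32), None))
        # Delete every key whose tickets are all necessarily expired. The cutoff
        # is measured from retirement, not creation: a key seals tickets right
        # up to the moment it is retired.
        self.keys = [k for k in self.keys
                     if k.retired is None or k.retired + self.lifetime > t]

    def seal(self, state: bytes) -> bytes:
        k = self.keys[0]
        nonce = os.urandom(16)
        body = struct.pack(">d", self.now()) + state   # issue time || session state
        ks = _keystream(_subkey(k.secret, b"enc"), nonce, len(body))
        ct = bytes(a ^ b for a, b in zip(body, ks))
        tag = hmac.new(_subkey(k.secret, b"mac"), k.name + nonce + ct, hashlib.sha256).digest()
        return k.name + nonce + ct + tag   # key name is sent in the clear for lookup

    def open(self, ticket: bytes) -> Optional[bytes]:
        """Return the session state, or None to force a full handshake."""
        if len(ticket) < 16 + 16 + 8 + 32:
            return None
        name, nonce, ct, tag = ticket[:16], ticket[16:32], ticket[32:-32], ticket[-32:]
        k = next((k for k in self.keys if k.name == name), None)
        if k is None:
            return None   # unknown or already deleted key
        expect = hmac.new(_subkey(k.secret, b"mac"), name + nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            return None   # tampered or corrupted ticket
        ks = _keystream(_subkey(k.secret, b"enc"), nonce, len(ct))
        body = bytes(a ^ b for a, b in zip(ct, ks))
        (issued,) = struct.unpack(">d", body[:8])
        if self.now() - issued > self.lifetime:
            return None   # ticket expired even though its key is still held
        return body[8:]


if __name__ == "__main__":
    clock = [0.0]
    ring = StekRing(lifetime=100, now=lambda: clock[0])
    t = ring.seal(b"session-A")
    clock[0] = 60.0
    ring.rotate()
    print("keys held after rotation:", len(ring.keys), "resumes:", ring.open(t))
```

The point worth noticing is the prune rule in `rotate`: pruning on creation time would discard a key while tickets it sealed moments before retirement are still valid (breaking resumption), and never pruning at all is the "old key deletion" failure the reply refers to.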