On Wed, May 3, 2017 at 1:20 PM, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
> The kind of application whose security requirements preclude use of RFC > 5077 > session tickets can and should likely also avoid both 0-RTT and session > resumption entirely. I don't agree with this. Why should users of mobile devices, to pick one example, have to choose between speed and the extra risk of data disclosure for their requests and passwords? Second-guessing the server's design by looking at ticket sizes seems rather > contrived. > It's not a second guess. If the ticket size is smaller than the RPSK, then it provably can not have been self-encrypted. But I agree that it says nothing about the server-side security. They might be posting the keys to twitter. -- Colm
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
