On 5/4/2017 10:12 PM, Eric Rescorla wrote:
>
> Obligatory note that if clients are forbidden from reusing a single
> PSK for multiple 0-RTT, they can still use it for 1-RTT.

Yes, they can. But doing so leaks a unique identifier, which can be used to link sessions. When I look at the privacy implications as well as the replay attacks, there is real value in using a resume ticket only once.

-- Christian Huitema

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls