On Sat, May 6, 2017 at 5:35 PM, Christian Huitema <huit...@huitema.net> wrote:
> > > On 5/4/2017 10:12 PM, Eric Rescorla wrote: > > > > Obligatory note that if clients are forbidden from reusing a single > > PSK for multiple 0-RTT, they can still use it for 1-RTT. > > Yes, they can. But doing so leaks a unique identifier, which can be used > to link sessions. When I look at the privacy implications as well as the > replay attacks, there is real value in using a resume ticket only once. > Agreed. Also, I think that's Ben Kaduk you're quoting :) -Ekr > > -- Christian Huitema > > > >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
