Currently, TLS 1.3 specification forbids resuming the session if SNI values do not match. This is inefficient in multiple cases, for example, if you have a wildcard domain cert, and the user is likely to visit multiple subdomains over a longer timespan, so there is no existing connection to pool on (or it's impossible to pool because of different IP addresses).
Last time we discussed this, https://www.ietf.org/mail-archive/web/tls/current/msg21655.html no one has pointed out a good security reason why this should be forbidden. Also, the requirement as stated requires the server to enforce it, while in reality, most implementations I am familiar with offload the burden to the clients. I wrote the following PR to remove the requirement: https://github.com/tlswg/tls13-spec/pull/1080 The PR still discourages clients to resume across domains by default (due to likelihood of wasting a ticket which could have came in handy later), so I'm currently writing a draft for an extension to inform clients that it's okay to do that (it will be in spirit of PR #777 <https://github.com/tlswg/tls13-spec/pull/777>). -- Victor.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
