On Fri, Sep 20, 2019 at 1:07 AM Mohit Sethi M <mohit.m.sethi= 40ericsson....@dmarc.ietf.org> wrote:
> Chrisitian Huitema rightly points out that having free from PSKIdentity is > good from a privacy perspective as an attacker cannot distinguish between > initial authentication and resumption. However, if the server first has to > lookup the resumption PSKs table before checking for any matching external > PSKs, the timing information would leak that nonetheless. > This timing issue is a good concern to raise. However, it made me wonder why the various ESNI drafts don't allow any ClientHello field or extension to be encrypted. thanks, Rob
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
