On Sat, Nov 16, 2019 at 05:05:46AM -0500, Viktor Dukhovni wrote:
> On Thu, Nov 14, 2019 at 08:05:34AM -0800, Christopher Wood wrote:
>
> > The only comment that was not integrated was the desire to use the hint
> > to express not only a count, but also a bit indicating whether or not
> > clients will accept a ticket if the server needs to send one (e.g., if its
> > STEK is about to rotate and any old tickets would expire). The authors did
> > not incorporate that into the document since it added complexity and there
> > didn't seem to be much support for it.
> [...]
>
> The -03 draft added a sentence suggesting that clients should ask for just
> one ticket on resumption, but I would like to suggest that this logic
> belongs in the server.

We should probably be emphasizing that *all* policy belongs on the server,
and we are just defining a signal for the client to convey some information
as input to the server's decision. In that mindset I'm not sure that the
"subtract one" signal is the most satisfying design (though I concede that
it is probably the most efficient encoding).

-Ben

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
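An added illustration (not from the thread or the draft) of the point above: the client's ticket-request count is only an input, and the server keeps every decision, including the "one ticket on resumption" rule from -03 and the STEK-rotation case from the quoted text. The `ServerTicketPolicy` class, its field names and its limits are assumptions for this example, not the draft's normative behaviour.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class ServerTicketPolicy:
    """Hypothetical server-side policy; all values here are assumed."""

    max_tickets: int = 4               # hard cap the hint can never raise
    default_tickets: int = 2           # used when the client sends no hint
    stek_rotation_imminent: bool = False  # old tickets are about to expire

    def tickets_to_send(self, client_hint: Optional[int], is_resumption: bool) -> int:
        """Return how many NewSessionTicket messages the server will issue.

        client_hint: count from the client's extension, or None if absent.
        is_resumption: True when this handshake resumed with a PSK ticket.
        """
        if client_hint is None:
            wanted = self.default_tickets
        elif client_hint < 0:
            raise ValueError("ticket hint must be non-negative")
        else:
            wanted = client_hint

        # The hint is advisory: the server's own cap always applies.
        count = min(wanted, self.max_tickets)

        # An explicit zero is honoured; the client asked for no tickets.
        if count == 0:
            return 0

        # Resumption: the client still holds usable tickets, so the server
        # (not the client) applies the "just one on resumption" logic, unless
        # the STEK is about to rotate and those tickets will soon be useless.
        if is_resumption and not self.stek_rotation_imminent:
            count = 1

        return count
```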