On Monday, 3 February 2020 06:49:15 CET, Viktor Dukhovni wrote:
> On Sun, Feb 02, 2020 at 09:01:45PM -0800, Eric Rescorla wrote:
> > My point is not that servers which do not renew are not compliant but
> > rather that TLS 1.3 has taken the position that reuse is bad and
> > therefore we should not add an extension to facilitate it.
>
> Re: C.4 Clients SHOULD NOT reuse a ticket for multiple connections.
> Reuse of a ticket allows passive observers to correlate
> different connections.
>
> But ticket reuse is patently a win when connection correlation is an
> unavoidable and even desirable feature of the network relationship
> between the parties.

the thing is that getting an extra ticket from the server is at most an
inconvenience for postfix
for other usages, reusing a ticket may be a security breach
just by virtue of being defined, it will be implemented by some libraries,
which means in turn that it will be used incorrectly by somebody
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic