* I'm not sure if it's ever been written down anywhere (probably should be...), but I think resumption is pretty much universally interpreted as authenticating as the identities presented over the original connection, client and server. That means that, independent of this draft, the client should only offer a session if it is okay with both accepting the original server identity, and presenting the original client identity. (Analogously, HTTP connection reuse reuses TLS handshake-level decisions, so you have to be okay with that decision to reuse the connection.)
Totally agree. @ekr, you want to make this change in your BIS draft?
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
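The rule stated in the quoted message (a client offers a stored session only if it is willing both to accept the original server identity and to present the original client identity) is easy to model as a gate in front of the client's session cache. The following is an added illustration written for this page, not code from the thread or from any TLS implementation; the `StoredSession` and `ClientSessionCache` names, the string identities and the ticket bytes are constructed for the example.

```python
"""Resumption gate for a TLS client's session cache (constructed model).

Resuming a session re-asserts the identities authenticated on the original
connection: the server identity the client accepted and the client identity
it presented. The client therefore offers a stored session only when both
still match what it wants for the new connection.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class StoredSession:
    ticket: bytes                    # opaque ticket/session id from the original handshake
    server_identity: str             # name the server certificate was validated against
    client_identity: Optional[str]   # client certificate presented originally, or None


@dataclass
class ClientSessionCache:
    _sessions: List[StoredSession] = field(default_factory=list)

    def store(self, session: StoredSession) -> None:
        self._sessions.append(session)

    def select(self, target_server: str,
               client_identity: Optional[str]) -> Tuple[Optional[StoredSession], str]:
        """Pick a session to offer for a new connection to target_server on
        which the client intends to present client_identity (None = no client
        auth). Returns (session or None, reason)."""
        reason = "no stored session for this server"
        for s in reversed(self._sessions):          # most recent first
            if s.server_identity != target_server:
                continue                            # would accept a different server identity
            if s.client_identity != client_identity:
                reason = (f"stored session would present client identity "
                          f"{s.client_identity!r}; this connection wants {client_identity!r}")
                continue                            # would present a different client identity
            return s, "resumable"
        return None, reason


def build_demo_cache() -> ClientSessionCache:
    # Constructed sessions: one anonymous-client session and one with client auth.
    cache = ClientSessionCache()
    cache.store(StoredSession(b"ticket-1", "www.example.com", None))
    cache.store(StoredSession(b"ticket-2", "api.example.com", "alice"))
    return cache


if __name__ == "__main__":
    cache = build_demo_cache()
    for target, cid in [("www.example.com", None), ("www.example.com", "alice"),
                        ("api.example.com", "alice"), ("api.example.com", None),
                        ("mail.example.com", None)]:
        session, why = cache.select(target, cid)
        print(target, cid, "->", session.ticket if session else None, "|", why)
```

The gate refuses to reuse a session established without client authentication on a connection that should present a certificate, and vice versa; a session is matched on the server identity the client originally validated, not on whatever name the new connection happens to target.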