On Thu, Jan 04, 2024 at 04:26:09PM +0000, Dennis Jackson wrote:
> From a security perspective, this would be equivalent to having the
> client open a new connection to the server using a session ticket from
> the existing connection with psk_dhe_ke mode?
>
> I guess the ergonomics of that approach perhaps aren't as neat, but it
> would only require client side implementation changes and no spec or
> server-side changes to deploy.
Opening a new connection is rather disruptive in some applications, even if done as make-before-break. For example, if an application ties some resources to the existence of a connection, there would have to be some mechanism to transfer the resources from the old connection to the new one to avoid disruption from the resources going away. And very few applications are capable of doing that.

-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls