On 3/29/2019 11:54 AM, Watson Ladd wrote:
> Dear all,
> TLS 1.3 resumption doesn't have the cookie problem TLS 1.2 does.
> Resumption is a big gain for performance and is likely to be more so
> in the future so I propose 5.1.3.1 be edited accordingly.
>
> Also I wonder why we aren't talking about all resolvers.

With TLS 1.3, clients can make sure that they use tickets only once, and thus that the connections will not be easily correlated by outside observers. That's great. But the server can always correlate the new session with the previous session that's being resumed, and with all the sessions before that in a chain of resumptions. That means the server can track the client. If the client does not want that, it will not use session resumption. Hence, the requirement that "Clients should not be required to use TLS session resumption".

-- Christian Huitema

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
