I'm curious to know how existing XMPP implementations do TLS session resumption: using session IDs (i.e., the client and the server each store state on their own) or session tickets (the server encrypts its state and sends it to the client for storage off the server). IMHO the session ID approach makes more sense for XMPP and the session ticket approach makes more sense for HTTP (given the existence of cookies), but I don't have empirical data here. And BOSH is an interesting hybrid case, too...
Thanks! Peter
