Also of interest: https://www.imperialviolet.org/2013/06/27/botchingpfs.html
On 10/16/2013 08:16 PM, Peter Saint-Andre wrote: > I'm curious to know how existing XMPP implementations do TLS session > resumption: using session IDs (i.e., the client and the server each > store state on their own) or session tickets (the server encrypts its > state and sends it to the client for storage off the server). IMHO the > session ID approach makes more sense for XMPP and the session ticket > approach makes more sense for HTTP (given the existence of cookies), but > I don't have empirical data here. And BOSH is an interesting hybrid > case, too... > > Thanks! > > Peter >
