On Sun, Dec 6, 2015 at 6:50 AM, Bill Cox <waywardg...@google.com> wrote:
> In the past, there were two cases: resumption using session IDs, and
> resumption with session tickets. Using session IDs loses forward secrecy,
> because the server always has session keys in a session cache, which could
> be used to decrypt the prior sessions. Using tickets did not work either,
> because the server always kept a ticket decryption key which could be used
> to decrypt all resumed sessions since the key was last rotated.
>
> My first question is: Do we care?

At least for session tickets, I don't care. There's a simple enough way to solve that problem: rotate the session ticket key every few days.

--
Tony Arcieri
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
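
The rotation suggested in the reply above, sketched for a Go server as an added example that is not part of the original thread. `tls.Config.SetSessionTicketKeys` is the standard-library call; the `ticketKeyRing` type, its `keep` field and the 24-hour interval are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/tls"
	"fmt"
	"time"
)

// ticketKeyRing (hypothetical helper) holds session ticket keys, newest first.
type ticketKeyRing struct {
	keys [][32]byte
	keep int // number of keys that stay valid for decrypting tickets
}

// rotate prepends a fresh random key and forgets every key beyond keep.
// Tickets sealed under a forgotten key can no longer be decrypted, so those
// clients fall back to a full handshake.
func (r *ticketKeyRing) rotate() error {
	var k [32]byte
	if _, err := rand.Read(k[:]); err != nil {
		return err
	}
	r.keys = append([][32]byte{k}, r.keys...)
	if len(r.keys) > r.keep {
		r.keys = r.keys[:r.keep]
	}
	return nil
}

// apply installs the ring on cfg. crypto/tls encrypts new tickets with the
// first key and accepts all listed keys for decryption. Call rotate first:
// SetSessionTicketKeys panics on an empty list.
func (r *ticketKeyRing) apply(cfg *tls.Config) { cfg.SetSessionTicketKeys(r.keys) }

// exposure is how long one key stays in server memory when rotate runs every
// interval: the window in which stealing it exposes sessions resumed under it.
func (r *ticketKeyRing) exposure(interval time.Duration) time.Duration {
	return time.Duration(r.keep) * interval
}

func main() {
	ring := &ticketKeyRing{keep: 2} // current key plus one previous key
	cfg := &tls.Config{}
	if err := ring.rotate(); err != nil {
		panic(err)
	}
	ring.apply(cfg)
	// A real server would repeat rotate+apply from a time.Ticker.
	fmt.Println("exposure window:", ring.exposure(24*time.Hour))
}
```

Keeping one previous key lets tickets issued just before a rotation still resume; raising `keep` or the interval lengthens the exposure window proportionally.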