Regarding the ability of passive observers to track clients across connections (and potentially across IPs) via a session ticket used more than once, should there be any language around recommended practice here, especially for clients?

An appropriately-configured server can help the client avoid this problem without performance penalty by issuing a new session ticket on every connection (for non-overlapping handshakes) and/or multiple on one (to cover that gap), and a client can help by keeping only the most recent ticket for a particular session and/or using a given ticket only once.

Thoughts on adding language under "Implementation Notes" such as:

"Clients concerned with privacy against tracking by passive observers SHOULD use a PSK/session ticket at most once. Servers SHOULD issue more than one session ticket per handshake, or issue a new session ticket on every resumption handshake, to assist in the privacy of the client while maintaining the performance advantage of session resumption."

For pure PSK I assume tracking is less of an issue, but I'm happy to entertain thoughts there, as well.

Kyle

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
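
The following is an added example, not part of the original message: a sketch of the client-side behaviour proposed above, in which each ticket is offered at most once, together with a constructed simulation of overlapping connections against a server issuing one or several tickets per handshake. The names SingleUseTicketStore, simulate and example.test are hypothetical, and tickets are treated as opaque byte strings.

```python
import time
from collections import defaultdict, deque

class SingleUseTicketStore:
    """Client-side cache that hands out every ticket at most once."""

    def __init__(self, max_per_server=4, clock=time.monotonic):
        self._max = max_per_server
        self._clock = clock
        self._tickets = defaultdict(deque)  # server -> deque of (expiry, ticket)

    def add(self, server, ticket, lifetime_s):
        """Store a ticket received in a NewSessionTicket message."""
        q = self._tickets[server]
        q.append((self._clock() + lifetime_s, ticket))
        while len(q) > self._max:
            q.popleft()  # bound memory by dropping the oldest ticket

    def take(self, server):
        """Remove and return the newest unexpired ticket, or None."""
        q = self._tickets.get(server)
        now = self._clock()
        while q:
            expiry, ticket = q.pop()  # popping guarantees it is never offered again
            if expiry > now:
                return ticket
        return None  # caller falls back to a full handshake

def simulate(tickets_per_handshake, parallel, rounds):
    """Constructed scenario: each round opens `parallel` overlapping
    connections, so every ClientHello is sent before new tickets arrive.
    Returns (resumed handshakes, True if no ticket appeared twice on the wire)."""
    store, seen, resumed, issued = SingleUseTicketStore(), [], 0, 0

    def server_issue():
        nonlocal issued
        for _ in range(tickets_per_handshake):
            issued += 1
            store.add("example.test", b"ticket-%d" % issued, lifetime_s=3600)

    server_issue()  # tickets from the initial full handshake
    for _ in range(rounds):
        offered = [store.take("example.test") for _ in range(parallel)]
        for ticket in offered:
            if ticket is not None:
                resumed += 1
                seen.append(ticket)
            server_issue()  # server issues tickets on full and resumed handshakes
    return resumed, len(seen) == len(set(seen))
```

With one ticket per handshake, the second of two overlapping connections in the first round has nothing to offer and pays for a full handshake; with two tickets per handshake every connection resumes, and in both cases no ticket is visible to an observer more than once.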