> On May 3, 2017, at 12:01 PM, Salz, Rich <[email protected]> wrote:
>
> The protocol design should avoid setting traps for the unwary.
No, that responsibility falls on libraries. STEKs are not a trap for the
unwary. Libraries that support static session tickets by default can be
viewed as such a trap. So the onus to fix this is on us (OpenSSL team)
not the TLS protocol.
--
Viktor.