> On May 3, 2017, at 3:19 PM, Colm MacCárthaigh <[email protected]> wrote:
>
> Type 2.2 - Same as 2.1, but required to be smaller than RPSK in size, to
> prevent self-encryption.
The kind of application whose security requirements preclude use of RFC 5077
session tickets can and should likely also avoid both 0-RTT and session
resumption entirely. Otherwise, allow the server to choose a sensible session
management approach.
Second-guessing the server's design by looking at ticket sizes seems rather
contrived.
--
Viktor.
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
