On Tue, Dec 18, 2018 at 12:45:22AM -0600, David Benjamin wrote:
> Thanks for the comment! The PR did try to touch on this, but perhaps I did a
> poor job of wording it:
> https://github.com/tlswg/draft-ietf-tls-esni/pull/124/files#diff-4d2dc9df336bea8e17f5eb4ed7cb1107R511
> 
> The intent is you use the retry keys just for that one retry. Subsequent
> connection attempts revert to the DNS-provided ones. Then the server could
> correlate the initial connection and the immediately-following retry, but that
> initial "connection" was discarded. It's like saying the server can correlate
> the client's ClientHello and Finished. An earlier iteration even placed the
> retry on the same connection, which makes the analog clearer. (Doing it in the
> same connection is rather a mess, so we bounce to a new one.)
> 
> Another possibility might be to require clients treat these like session
> identifiers w.r.t. scoping and lifetime, reducing to something existing, but
> that is more complex, so the simple solution seemed a better starting point.
> 
> Does that address the concern, or have I missed something?

Oh thanks -- I completely missed that.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
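The scoping rule described in the quoted reply (a retry key is used for the one immediately-following retry and then dropped, so later connection attempts go back to the DNS-provided keys) can be made concrete with a small model. The following is an added illustration, not code from draft-ietf-tls-esni, from the linked PR, or from either participant; key material is reduced to opaque constructed labels such as `esni-key-A`, and the `Server`, `Client` and `StickyClient` classes are stand-ins that model only the key-selection behaviour, not the TLS handshake itself. The `StickyClient` goes beyond the thread to show the contrast case the rule avoids: a client that caches retry keys across connections.

```python
"""Model of the one-shot retry-key rule from the thread above.

Added illustration only: not code from draft-ietf-tls-esni or the linked PR.
Key material is reduced to opaque labels (constructed placeholders) so that
only the scoping rule is visible: a server-supplied retry key is used for the
single immediately-following retry and then forgotten, so every later
connection attempt starts again from the DNS-provided ESNIKeys.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Server:
    """Accepts one ESNI key; answers a stale key with a retry key."""
    current_key: str
    seen: List[str] = field(default_factory=list)  # keys presented, in order

    def handle(self, key: str) -> Optional[str]:
        self.seen.append(key)
        if key == self.current_key:
            return None            # handshake proceeds
        return self.current_key    # retry_keys: the key that would work


@dataclass
class Client:
    """Client following the rule in the thread: retry keys are per-retry."""
    dns_key: str                                  # ESNIKeys fetched from DNS
    attempts: List[str] = field(default_factory=list)

    def connect(self, server: Server) -> bool:
        key = self.dns_key          # every new connection starts from DNS keys
        for _ in range(2):          # initial attempt plus at most one retry
            self.attempts.append(key)
            retry = server.handle(key)
            if retry is None:
                return True
            key = retry             # retry key is local to this connection only
        return False


@dataclass
class StickyClient(Client):
    """Contrast: caches retry keys across connections (what the rule avoids)."""
    cached: Optional[str] = None

    def connect(self, server: Server) -> bool:
        key = self.cached or self.dns_key
        for _ in range(2):
            self.attempts.append(key)
            retry = server.handle(key)
            if retry is None:
                return True
            self.cached = key = retry   # survives into later connections
        return False


def run_scenario() -> Tuple[List[str], List[str]]:
    """DNS still advertises key A after the server rotated to key B.

    Each client makes three separate connections to the same server.
    Returns the keys each client presented, in order. The per-retry client
    re-presents the DNS key on every fresh connection; the caching client
    keeps presenting the server-issued key B, which is exactly the
    cross-connection handle the thread's rule removes.
    """
    spec_server, sticky_server = Server("esni-key-B"), Server("esni-key-B")
    spec = Client(dns_key="esni-key-A")
    sticky = StickyClient(dns_key="esni-key-A")
    for _ in range(3):
        assert spec.connect(spec_server)
        assert sticky.connect(sticky_server)
    return spec.attempts, sticky.attempts


if __name__ == "__main__":
    spec_keys, sticky_keys = run_scenario()
    print("per-retry rule :", spec_keys)
    print("cached retry   :", sticky_keys)
```

Running the scenario shows the per-retry client paying one extra round trip on every connection while the DNS record is stale, which is the cost the reply accepts in exchange for each connection looking identical to a fresh one; only the retry bounce within a single attempt is linkable, which is the "ClientHello and Finished" analogy in the quoted text.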