On Fri, Sep 20, 2019 at 1:07 AM Mohit Sethi M <mohit.m.sethi= [email protected]> wrote:
> Chrisitian Huitema rightly points out that having free from PSKIdentity is > good from a privacy perspective as an attacker cannot distinguish between > initial authentication and resumption. However, if the server first has to > lookup the resumption PSKs table before checking for any matching external > PSKs, the timing information would leak that nonetheless. > This timing issue is a good concern to raise. However, it made me wonder why the various ESNI drafts don't allow any ClientHello field or extension to be encrypted. thanks, Rob
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
