Hi Viktor, > On Jan 31, 2020, at 5:24 PM, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote: > >> On Jan 31, 2020, at 8:15 PM, Rob Sayre <say...@gmail.com> wrote: >> >> If the scope of a document can be continually expanded during last call, it >> can be indefinitely postponed. > > I'm not proposing a change of scope. The document specifies how a client > and server negotiate the number of tickets the server should send. This > remains the case. The -04 document leaves out a relevant scenario where > the client does want tickets to be refreshed (so not unconditionally zero), > but does not want gratuitous tickets (new one each time). > > The scope of the document per the abstract includes the following: > > This extension aims to provide a means for > servers to determine the number of tickets to generate in order to > reduce ticket waste, while simultaneously priming clients for future > connection attempts > > My proposal falls squarely in the "in order to reduce ticket waste" category.
The document also is focused on use cases that are all about "avoid[ing] ticket re-use". The security considerations state that "Ticket re-use is a security and privacy concern". While there are some use cases in which ticket re-use allows the reduction of ticket waste, we cannot state that every possible approach to reduce ticket waste is in scope for this particular document. Rather, this document defines its scope as simply: "This document describes a mechanism by which clients can specify the desired number of tickets needed for future connections." Enabling ticket reuse is not part of that scope. Beyond discussing scope creep, I think an even bigger reason to decouple the idea of ticket requests from explicit ticket re-use is the notion of working group consensus. I think the WG has clearly expressed consensus on the fact that ticket requests are a useful and non-harmful extension. Indeed, the proposals to add ticket reuse logic to ticket requests that you want relies on such an extension. However, the group certainly does not seem to have consensus on the idea that there should be an extension to allow ticket reuse. As an author, I don't know if I'd support that. Thus, the working group can progress with the tightly-scoped document that it has consensus on, and leave other use cases to future documents. Thanks, Tommy > > -- > Viktor. > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
