On Thu, Apr 30, 2020 at 2:40 AM Ben Smyth <resea...@bensmyth.com> wrote:
> Section 4.2.11.1 explains that: > > ...PskIdentity contains an obfuscated version of the ticket age formed by > taking the age in milliseconds and adding the "ticket_age_add"... This > addition prevents passive observers from correlating connections unless > tickets are reused. > > So: Correlations are possible when tickets are reused. But, what > connection correlations are prevented when tickets aren't reused? > If ticket X is issued at time T and then reused at time T+delta, it prevents the attacker from learning delta and hence from learning T. -Ekr > > Best regards, > > Ben > -- > TLS 1.3 tutorial: https://bensmyth.com/publications/2019-TLS-tutorial/ > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls