On Mon, Jan 28, 2019 at 10:04 PM Subodh Iyengar wrote:
> Since clients already store tickets, could they not also store the
> time of original ticket issuance and cap the resumption window to N
> (7) days from that point? That is, it seems clients could implement
> this behavior without any protocol support.
Correct, however the server currently provides a
On Mon, Jan 28, 2019 at 9:43 PM Subodh Iyengar wrote:
In TLS 1.3 we added a maximum age to the ticket lifetime to be 7 days. This had
several original motivations including reducing the time that a ticket is
reused (for privacy or PFS). Another major motivation for this was to limit the
exposure of servers that use keyless ssl like mechanisms, i.e.
Hi all,
Last week, we shipped the first developer seed of iOS 12.2. Among other
features, TLS 1.3 is now enabled by default for the entire system. All users of
Network.framework and NSURLSession APIs will now negotiate TLS 1.3. The number
of TLS 1.3 capable clients on the Internet should take q