Brian Smith posted an RFE to GitHub a few months ago requesting "A mechanism is 
needed to indicate that a session will not be resumed":
https://github.com/tlswg/tls13-spec/issues/137

The goal is to provide a simple way for either endpoint to request that the 
master secret be forgotten ASAP to provide a greater assurance of 
confidentiality.

I've written up a short proposal with an idea about how I'd suggest going about 
this:
https://github.com/tlswg/tls13-spec/compare/master...davegarrett:resetnotify

The idea is to simply add a new "reset_notify" alert (generally a warning) 
which may be sent by either endpoint as soon as record protection is available, 
after which both endpoints would stop caching shared secrets after completion 
of traffic key completion. This could be sent right from the start, at the end 
of a connection just prior to a standard "close_notify", or at any point in 
between.

This seems like a simple route that does what is specified in issue #137 
without the creation of any new extensions or messages; just one new alert 
value.

Comments? Suggestions? Any reason this would break everything?

No PR yet. Just a WIP branch to spec out the idea, so far.


Dave

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
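
A sketch of the endpoint behaviour the message proposes, as an added example (not part of the original message or of the resetnotify branch). The class and method names and the RESET_NOTIFY value are assumptions; the message assigns no code point to the alert.

```python
RESET_NOTIFY = 0xFF  # placeholder: the message above assigns no code point


class SessionCache:
    """Resumption cache keyed by session id (hypothetical, for illustration)."""

    def __init__(self):
        self._entries = {}

    def store(self, session_id, secret):
        self._entries[session_id] = secret

    def lookup(self, session_id):
        return self._entries.get(session_id)

    def evict(self, session_id):
        self._entries.pop(session_id, None)


class Endpoint:  # one side of a connection; both sides run the same logic
    def __init__(self, cache, session_id, master_secret):
        self.cache, self.session_id = cache, session_id
        self.master_secret = bytearray(master_secret)  # mutable so it can be wiped
        self.record_protection = self.keys_done = self.no_resume = False

    def record_protection_on(self):
        self.record_protection = True

    def traffic_keys_complete(self):
        self.keys_done = True
        self._settle()

    def on_alert(self, code):
        """Handle an alert this endpoint sent or received."""
        if code != RESET_NOTIFY:
            return
        if not self.record_protection:
            raise ValueError("reset_notify before record protection is available")
        self.no_resume = True
        self._settle()

    def _settle(self):
        if not self.keys_done:
            return  # secret is still needed to derive traffic keys
        if self.no_resume:
            self.cache.evict(self.session_id)
            self.master_secret[:] = bytes(len(self.master_secret))  # best-effort wipe
        else:
            self.cache.store(self.session_id, self.master_secret)
```

The model covers both timings the message mentions: an alert sent right at the start (the secret is never cached) and one sent late, just before close_notify (an already cached secret is evicted and wiped).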
