On Thu, Mar 5, 2020 at 12:55 PM Nico Williams <n...@cryptonector.com> wrote: > > .... unless both parties agree. It takes two to agree.
As far as I am aware session tickets being single use isn't enforced by any server right now: it's a desirable but theoretical property for 0-RTT. My skepticism is entirely a function of this being a late breaking change to a relatively simple proposal, with not very much in the way of quantifiable evidence to back up the concern that shared cache contention is a big overhead. Is it 1%? .5? 10%? of the total time to use a connection. At 10% we definitely need to do something, at .01% we almost certainly don't. > > What are the problems with ticket reuse? Well: > > 1) session linkage > > 2) early data doesn't get rekeyed, so you get key reuse and the early > data is replayable > > In the case of SMTP, however, (1) is not a problem for obvious reasons, > and (2) is N/A. > > For SUBMIT, (1) is a problem, so don't allow it, and (2) is N/A. > > SMTP doesn't care about session linkage because it's MTA<->MTA traffic > that is already aggregating multiple users' traffic, plus email is > store-and-forward, so there is no real privacy loss for users. > > Nico > -- > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
