Re: [TLS] WGLC for draft-ietf-tls-ticketrequests

Viktor Dukhovni <> Mon, 03 February 2020 05:49 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A85121208E9 for <>; Sun, 2 Feb 2020 21:49:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id My1GYMyUDKOC for <>; Sun, 2 Feb 2020 21:49:17 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 020181208E6 for <>; Sun, 2 Feb 2020 21:49:15 -0800 (PST)
Received: by (Postfix, from userid 1001) id 2111E38E68; Mon, 3 Feb 2020 00:49:15 -0500 (EST)
Date: Mon, 3 Feb 2020 00:49:15 -0500
From: Viktor Dukhovni <>
Message-ID: <>
References: <> <> <> <> <> <> <> <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.12.2 (2019-09-21)
Archived-At: <>
Subject: Re: [TLS] WGLC for draft-ietf-tls-ticketrequests
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 03 Feb 2020 05:49:19 -0000

On Sun, Feb 02, 2020 at 09:01:45PM -0800, Eric Rescorla wrote:

> My point is not that servers which do not renew are not compliant but
> rather that TLS 1.3 has taken the position that reuse is bad and
> therefore we should not add an extension to facilitate it.

Re: C.4  Clients SHOULD NOT reuse a ticket for multiple connections.
         Reuse of a ticket allows passive observers to correlate
         different connections.

But ticket reuse is patently a win when connection correlation is an
unavoidable and even desirable feature of the network relationship
between the parties.

Receiving MTAs strongly discriminate against direct-to-mx traffic from
dynamic IPs.  Sending MTAs on the public Internet strive to build up a
positive IP reputation, and operators only reluctantly shift traffic to
new addresses when the old must unavoidably be retired.

There is simply ZERO benefit from ticket churn.  Similar considerations
apply in many other "fixed endpoint" deployments.

What I hear TLS 1.3 telling me, is to eat the porridge, after all there
are starving children in Africa, and I must set a good example lest they
too refuse to eat.

If so, it seems I must stuff my application full of unnecessary tickets,
because someone somewhere might actually be a few tickets short...  If
so, this is regrettable.