alandekok
commented
1 month ago I've be in favor of making it a MUST. I don't see any benefit for an implementation to not implement resumption.
Open fmauchle opened 1 month ago
alandekok
commented
1 month ago I've be in favor of making it a MUST. I don't see any benefit for an implementation to not implement resumption.
fmauchle
commented
1 month ago I've be in favor of making it a MUST. I don't see any benefit for an implementation to not implement resumption.
I vote against a MUST. The benefit for implementos is saving time and effort (if a particular device or application is unlikely to gain much from it, thinking of Wifi APs rather just keep a connection open at all times). And not implementing it doesn't break anything.
TLS session resumption is currently a SHOULD requirement for DTLS and for TLS-PSK.
Unify this recommendation for all use of (D)TLS and provide guidance for re-authorization as proposed by TLS-PSK.