In WG discussion of draft-vvv-tls-cross-sni-resumption-00, tracking
implications came up. While that draft does expand the set of servers
that can cross-resume, it's not a new issue. For instance, on the Web,
if https://a.example and https://b.example both include a subresource to
a common https://tracker.example, TLS session resumption may be used to
correlate activity across the two sites.
Add some text to discuss this. This is distinct from the single-use
ticket mitigation, which only covers correlation by passive observers.
Correlation by the server itself is pretty much inherent to session
resumption and other cache-like optimizations. Instead, the text points
this out and gives an example of how applications can keep their
resumption scopes consistent with their privacy goals.
In WG discussion of draft-vvv-tls-cross-sni-resumption-00, tracking implications came up. While that draft does expand the set of servers that can cross-resume, it's not a new issue. For instance, on the Web, if https://a.example and https://b.example both include a subresource to a common https://tracker.example, TLS session resumption may be used to correlate activity across the two sites.
Add some text to discuss this. This is distinct from the single-use ticket mitigation, which only covers correlation by passive observers. Correlation by the server itself is pretty much inherent to session resumption and other cache-like optimizations. Instead, the text points this out and gives an example of how applications can keep their resumption scopes consistent with their privacy goals.
Fixes #1201.
(CC @vasilvv)