crypto/tls: reduce session ticket linkability - go - Fork of Go programming language with my patches.

diff options

author	Filippo Valsorda <filippo@golang.org>	2023-05-19 23:28:43 +0200
committer	Filippo Valsorda <filippo@golang.org>	2023-05-24 23:56:24 +0000
commit	6b020be648960440b1f02d28889a6e050f59c31c (patch)
tree	f0dd84974d380b780a3b006d96e83b889f06ee00 /src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-RSA
parent	08458804fb6591397fe1c58f4e04fd490e70fbcb (diff)
download	go-6b020be648960440b1f02d28889a6e050f59c31c.tar.xz

crypto/tls: reduce session ticket linkability

Ever since session ticket key rotation was introduced in CL 9072, we've been including a prefix in every ticket to identify what key it's encrypted with. It's a small privacy gain, but the cost of trial decryptions is also small, especially since the first key is probably the most frequently used. Also reissue tickets on every resumption so that the next connection can't be linked to all the previous ones. Again the privacy gain is small but the performance cost is small and it comes with a reduction in complexity. For #60105 Change-Id: I852f297162d2b79a3d9bf61f6171e8ce94b2537a Reviewed-on: https://go-review.googlesource.com/c/go/+/496817 Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Matthew Dempsky <mdempsky@google.com> Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>

Diffstat (limited to 'src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-RSA')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: