The server shouldn't use a token for much #1647
Labels
-transport
design
An issue that affects the design of the protocol; resolution requires consensus.
has-consensus
An issue that the Chairs have determined has consensus, by canvassing the mailing list.
The token that a server provides in Retry or NEW_TOKEN isn't authenticated. It can be used multiple times and it isn't folded into the handshake. This is an explicit limitation of the design. Neither client nor server can therefore rely on its contents for much. A server can ensure that the token is self-authenticating (by including a MAC or self-encrypting it with an AEAD, for instance), but it shouldn't really use the information beyond its immediate purpose: address validation.
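A sketch of the MAC-based self-authenticating token mentioned above, as an added example that is not part of the issue or of any QUIC implementation. The token layout, function names, lifetime and sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct
import time

TOKEN_LIFETIME = 10        # seconds a token stays valid (constructed value)
KEY = os.urandom(32)       # server-side secret, never leaves the server

def _mac(key, body, client_addr):
    # Bind the tag to the address being validated, so a token minted
    # for one client address does not validate for another.
    ip, port = client_addr
    msg = body + ip.encode() + struct.pack("!H", port)
    return hmac.new(key, msg, hashlib.sha256).digest()

def mint_token(key, client_addr, now=None):
    """Hypothetical layout: 8-byte issue time followed by a 32-byte HMAC tag."""
    issued = int(time.time() if now is None else now)
    body = struct.pack("!Q", issued)
    return body + _mac(key, body, client_addr)

def validate_token(key, token, client_addr, now=None):
    """Answer one question only: was this address validated recently?

    The return value is a bare boolean on purpose. The token is not
    bound to the handshake, so nothing else is read out of it.
    """
    if len(token) != 8 + 32:
        return False
    body, tag = token[:8], token[8:]
    if not hmac.compare_digest(tag, _mac(key, body, client_addr)):
        return False
    (issued,) = struct.unpack("!Q", body)
    now = int(time.time() if now is None else now)
    return 0 <= now - issued <= TOKEN_LIFETIME

if __name__ == "__main__":
    client = ("192.0.2.10", 4433)          # constructed sample address
    token = mint_token(KEY, client)
    print(validate_token(KEY, token, client))                 # same address
    print(validate_token(KEY, token, client))                 # replay also passes
    print(validate_token(KEY, token, ("198.51.100.7", 4433))) # other address
```

The MAC makes the token unforgeable, but the second call shows that a replayed token still validates within its lifetime, which is why the result is used for address validation and nothing more.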