Absolutely not a coincident that Google is proposing a protocol that allows protocol level user tracking. By making the session ticket server-initiated and not client-controlled all control is also stripped from the user.
The clients are free to make another "connection" and get a new session id every time they want. It's similar to http connection reuse: the src ip-port + dst-port also acts as a "session identifier", as long as multiple requests flow throug the same TCP connection.
mgrund|4 years ago
ithkuil|4 years ago
joveian|4 years ago
ilove196884|4 years ago
[deleted]