Merge pull request #1325 from ekr/issue1308_meaningful_external_ident…

…ities Recommend not using legible identities. Fixes #1308
tlswg · Jul 27, 2023 · da712dc · da712dc
2 parents 9cd3649 + 02cb675
commit da712dc
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/draft-ietf-tls-rfc8446bis.md b/draft-ietf-tls-rfc8446bis.md
@@ -5327,6 +5327,15 @@ Clients and Servers SHOULD NOT reuse a key share for multiple connections. Reuse
 of a key share allows passive observers to correlate different connections. Reuse
 of a client key share to the same server additionally allows the server to correlate different connections.
 
+It is RECOMMENDED that the labels for external identities be selected so that they
+do not provide additional information about the identity of the
+user. For instance, if the label includes an e-mail address, then
+this trivially identifies the user to a passive attacker,
+unlike the client's Certificate, which is encrypted. There are a number of potential
+ways to avoid this risk, including (1) using random identity labels
+(2) pre-encrypting the identity under a key known to the server or (3)
+using the Encrypted Client Hello {{?I-D.ietf-tls-esni}} extension.
+
 If an external PSK identity is used for multiple connections, then it
 will generally be possible for an external observer to track
 clients and/or servers across connections. Use of the