Re: Proposed Statement on "HTTPS everywhere for the IETF"


 



Hi,

Though the proposal relies on BCP195, I'm afraid there is a serious
contradiction between the following statements in BCP195:

   o  Ticket keys MUST be changed regularly, e.g., once every week, so
                                                   ^^^^^^^^^^^^^^^
      as not to negate the benefits of forward secrecy (see Section 6.3
      for details on forward secrecy).

and

   o  If exponents are reused for too long (e.g., even more than a few
                                                  ^^^^^^^^^^^^^^^^^^^^
      hours), an attacker who gains access to the host can decrypt
      ^^^^^
      previous connections.  In other words, exponent reuse negates the
      effects of forward secrecy.

so it must be revised to shorten the duration in the former
statement before being used for real-world security.

Also, it should be honest to state that HTTPS for IETF may be
useless against USG surveillance.

							Masataka Ohta




