Hi,

Though the proposal relies on BCP195, I'm afraid there is a
serious contradiction between the following statements in BCP195:

   o  Ticket keys MUST be changed regularly, e.g., once every week, so
                                                   ^^^^^^^^^^^^^^^
      as not to negate the benefits of forward secrecy (see Section 6.3
      for details on forward secrecy).

and

   o  If exponents are reused for too long (e.g., even more than a few
                                                  ^^^^^^^^^^^^^^^^^^^^
      hours), an attacker who gains access to the host can decrypt
      ^^^^^
      previous connections.  In other words, exponent reuse negates the
      effects of forward secrecy.

that it must be revised to shorten the duration of the former
statement before being used for real-world security.

Also, it should be honest to state that HTTPS for IETF may be
useless against USG surveillance.

Masataka Ohta