Recommend not using legible identities. Fixes #1308

tlswg · Jul 10, 2023 · 1f4565e · 1f4565e
1 parent 9cd3649
commit 1f4565e
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/draft-ietf-tls-rfc8446bis.md b/draft-ietf-tls-rfc8446bis.md
@@ -5327,6 +5327,14 @@ Clients and Servers SHOULD NOT reuse a key share for multiple connections. Reuse
 of a key share allows passive observers to correlate different connections. Reuse
 of a client key share to the same server additionally allows the server to correlate different connections.
 
+It is RECOMMENDED that the labels for external identities be selected so that they
+do not provide additional information about the identity of the
+user. For instance, if the label includes an e-mail address, then
+this trivially identifies the user. There are a number of potential
+ways to avoid this risk, including (1) using random identity labels
+(2) pre-encrypting the identity under a key known to the server or (3)
+using the Hello Encrypted Client Hello {{?I-D.ietf-tls-esni}} extension.
+
 If an external PSK identity is used for multiple connections, then it
 will generally be possible for an external observer to track
 clients and/or servers across connections. Use of the