RFC: re-using the Client Hello session identifier to associate DTLS clients
Currently the openconnect (protocol) client uses a custom extension to provide information to the server on which session it was previously associated with. However, a private extension cannot be defined in IETF without having approval from the TLS WG, or from a security area director (who are the same people). As such we should provide that information using alternative methods.
In TLS 1.3 (and DTLS) the session ID field was made obsolete, and as such we could potentially use it to place the same data instead of an extension field. My understanding is that we can do it safely because (1) there is no session resumption (in the TLS 1.2 or earlier sense) involved in the DTLS channel, and (2) ocserv is already checking this field for that value due to the old protocol format.
Comments, suggestions, improvements?
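As an added illustration of the proposal (not code from openconnect or ocserv), the following Python sketch shows both halves of the scheme: the client places the association token in the ClientHello session_id field of an unfragmented DTLS record, and the server parses the record, extracts that field and compares it in constant time against the token it issued; the token value, cipher list and client random are constructed sample data.

```python
import hmac
import struct

# Constructed sample token (not from the page): the opaque value the server
# handed the client over the TLS channel, to be echoed back in the DTLS
# ClientHello session_id field (at most 32 bytes, RFC 5246 / RFC 8446).
EXPECTED_TOKEN = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

def build_dtls_client_hello(session_token: bytes, random32: bytes = b"\x42" * 32) -> bytes:
    """Client side: one DTLS 1.2 record holding a ClientHello whose session_id is the token."""
    if not 0 <= len(session_token) <= 32:
        raise ValueError("session_id must be 0..32 bytes")
    body = (
        b"\xfe\xfd"                          # client_version = DTLS 1.2
        + random32                           # 32-byte client random
        + bytes([len(session_token)]) + session_token
        + b"\x00"                            # cookie length 0 (no HelloVerifyRequest yet)
        + b"\x00\x02\x13\x01"                # cipher_suites: TLS_AES_128_GCM_SHA256 (sample)
        + b"\x01\x00"                        # compression_methods: null
        + b"\x00\x00"                        # extensions: empty (sample only)
    )
    # DTLS handshake header: msg_type, length, message_seq, fragment_offset, fragment_length
    hs = (b"\x01" + len(body).to_bytes(3, "big") + b"\x00\x00"
          + b"\x00\x00\x00" + len(body).to_bytes(3, "big") + body)
    # DTLS record header: type=handshake(22), version, epoch 0, 48-bit sequence 0, length
    return b"\x16\xfe\xfd" + b"\x00\x00" + b"\x00" * 6 + struct.pack(">H", len(hs)) + hs

def extract_session_id(datagram: bytes) -> bytes:
    """Server side: pull the session_id out of the first DTLS ClientHello record."""
    if len(datagram) < 13 or datagram[0] != 22:
        raise ValueError("not a DTLS handshake record")
    rec_len = struct.unpack(">H", datagram[11:13])[0]
    hs = datagram[13:13 + rec_len]
    if len(hs) < 12 or hs[0] != 1:                     # msg_type 1 = client_hello
        raise ValueError("not a ClientHello")
    if int.from_bytes(hs[6:9], "big") != 0:            # fragment_offset must be 0
        raise ValueError("fragmented ClientHello; reassemble first")
    body = hs[12:12 + int.from_bytes(hs[9:12], "big")]
    if len(body) < 35:                                 # version(2) + random(32) + sid_len(1)
        raise ValueError("truncated ClientHello")
    sid_len = body[34]
    if sid_len > 32 or len(body) < 35 + sid_len:
        raise ValueError("bad session_id length")
    return body[35:35 + sid_len]

def associate(datagram: bytes, expected_token: bytes) -> bool:
    """Constant-time check that the echoed session_id matches the issued token."""
    return hmac.compare_digest(extract_session_id(datagram), expected_token)
```

Since the ClientHello travels in the clear, the value placed here should be an unguessable identifier bound to the TLS session rather than a reusable secret; in TLS 1.3 the server additionally echoes legacy_session_id unchanged in its ServerHello.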