target = "https://tools.ietf.org/rfc/rfc8446#4.2.11.1"

# 4.2.11.1.  Ticket Age
#
# The client's view of the age of a ticket is the time since the
# receipt of the NewSessionTicket message.  Clients MUST NOT attempt to
# use tickets which have ages greater than the "ticket_lifetime" value
# which was provided with the ticket.  The "obfuscated_ticket_age"
# field of each PskIdentity contains an obfuscated version of the
# ticket age formed by taking the age in milliseconds and adding the
# "ticket_age_add" value that was included with the ticket (see
# Section 4.6.1), modulo 2^32.  This addition prevents passive
# observers from correlating connections unless tickets are reused.
# Note that the "ticket_lifetime" field in the NewSessionTicket message
# is in seconds but the "obfuscated_ticket_age" is in milliseconds.
# Because ticket lifetimes are restricted to a week, 32 bits is enough
# to represent any plausible age, even in milliseconds.

[[spec]]
level = "MUST"
quote = '''
Clients MUST NOT attempt to
use tickets which have ages greater than the "ticket_lifetime" value
which was provided with the ticket.
'''