Hi Roger,
thanks for the detailed response on TLS session resumption - very interesting!
I've also continued investigations, and it looks like pre-shared keys might satisfy my use case. My idea is that clients would initially connect with TLS via certificate. A process on the broker would post a new pre-shared key via MQTT to all authenticated clients once per hour. If a client gets disconnected, it could use the last hour's pre-shared key to quickly reconnect. For the broker, the last 2 or 3 hours' worth of pre-shared keys would be considered valid. If a client gets disconnected for longer, he'd have to fall back to the cert authentication again.
This approach seems to give me all that I wanted from session resumption with long lifetime, plus ticket secret rotation. Clients need to make sure they don't leak the pre-shared key but I think I can satisfy that (and it's similar to not leaking the session ticket).
I've made one interesting observation though: If a single listener supports both ca_file and psk_file kind of authentication in mosquitto.conf, performance of psk authentication is almost as bad as certificate based authentication ... that is, almost 100 times slower than a listener only supporting psk_file authentication.
Does that make any sense to you? Should I use 2 separate listeners for such a config?
Thanks,
Martin
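
The broker-side half of the rotation scheme described in the message above, sketched as an added example that is not part of the original post or of mosquitto: one new key per hour, the last three hours kept valid, written out as `identity:hexkey` lines for `psk_file`. The `rot-<hour>` identity naming and all function names are assumptions; publishing the key to clients and reloading the broker are left out.

```python
import os
import secrets

WINDOW_HOURS = 3  # the post keeps the last 2 or 3 hours of keys valid


def hour_of(ts):
    return int(ts) // 3600


def rotate(keys, now, window=WINDOW_HOURS):
    """Return {identity: hexkey} with a key for the current hour and
    everything older than `window` hours dropped. Identities are named
    "rot-<hour>" (assumed scheme) so expiry needs no extra state."""
    current = hour_of(now)
    kept = {ident: key for ident, key in keys.items()
            if 0 <= current - int(ident.rsplit("-", 1)[1]) < window}
    # 32 random bytes, hex encoded: psk_file keys are hex strings
    kept.setdefault("rot-%d" % current, secrets.token_hex(32))
    return kept


def render_psk_file(keys):
    """One 'identity:hexkey' line per key, the psk_file format."""
    return "".join("%s:%s\n" % (i, keys[i]) for i in sorted(keys))


def write_psk_file(path, keys):
    """Write with mode 0600 and swap in atomically, so the broker never
    reads a half-written file and other local users cannot read keys."""
    tmp = path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # enforce mode even if a stale tmp file existed
    with os.fdopen(fd, "w") as fh:
        fh.write(render_psk_file(keys))
    os.replace(tmp, path)


if __name__ == "__main__":
    keys = {}
    for t in (0, 3600, 7200, 10800):  # constructed timestamps, one per hour
        keys = rotate(keys, t)
    print(sorted(keys))  # identities still accepted after the fourth hour
```

Because expired identities disappear from the file, a client that was offline longer than the window fails the PSK handshake and has to fall back to the certificate listener, as the message intends.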