Re: [quicwg/base-drafts] Text on session resumption (#3566)

ianswett <> Wed, 08 April 2020 14:12 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7CE343A0C88 for <>; Wed, 8 Apr 2020 07:12:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.267
X-Spam-Status: No, score=-3.267 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.168, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6uWBskkaIgio for <>; Wed, 8 Apr 2020 07:12:42 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 6FA273A0CA8 for <>; Wed, 8 Apr 2020 07:12:11 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 88B0CC60B24 for <>; Wed, 8 Apr 2020 07:12:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1586355130; bh=QAOPEHUQT6PTp/cHcBTwwTuWj7Ih57/diWqBEdvfewY=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=sxR+KDCFbXHVI3/nolJvmTpX4oV8ztXZ21S6AHyzmyQAh+MKRZNBZef4CU+D17RKn ofZ9Z6hwjy9vLgpQLXkbuocSwDnH3RUdjn/kFmY1pLk4SKl4VEv/fqGaPBMBrEwp4B pFHj2LG35xLOTWWLdS8YPIgG4MSvNAZ/p3Jrgxr0=
Date: Wed, 08 Apr 2020 07:12:10 -0700
From: ianswett <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/3566/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Text on session resumption (#3566)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5e8ddbba78dee_af23f940c6cd95c130836"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: ianswett
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 08 Apr 2020 14:12:45 -0000

@ianswett approved this pull request.

> @@ -648,6 +648,31 @@ messages and clients MUST treat receipt of such messages as a connection error
+## Session Resumption {#resumption}
+QUIC can use the session resumption feature of TLS 1.3. It does this by
+carrying NewSessionTicket messages in CRYPTO frames after the handshake is
+complete. Session resumption is the basis of 0-RTT, but can be used without
+also enabling 0-RTT.
+Endpoints that use sesion resumption might need to remember some information

Endpoints that use session resumption might need to remember some information

> +
+Endpoints that use sesion resumption might need to remember some information
+about the current connection when creating a resumed connection. TLS requires
+that some information be retained; see Section 4.6.1 of {{!TLS13}}. QUIC itself
+does not depend on any state being retained when resuming a connection, unless
+0-RTT is also used; see {{enable-0rtt}} and Section 7.3.1 of
+{{QUIC-TRANSPORT}}. Application protocols could depend on state that is
+retained between resumed connections.
+Clients can store any state required for resumption along with the session
+ticket. Servers can use the session ticket to help carry state.
+Session resumption allows servers to link activity on the original connection
+with the resumed connection, which might be a privacy issue for clients.
+Clients can choose not to enable resumption to avoid creating this correlation.
+Client SHOULD NOT reuse tickets as that allows entities other than the server

Client SHOULD NOT use a single ticket more than once as that allows entities other than the server

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: