Re: [TLS] Question on Stateless TLS Session Resumption

Eric Rescorla <ekr@networkresonance.com> Sun, 14 January 2007 06:31 UTC

To: Lakshminath Dondeti <ldondeti@qualcomm.com>
Subject: Re: [TLS] Question on Stateless TLS Session Resumption
References: <C24CB51D5AA800449982D9BCB90325133C9A2E@NAEX13.na.qualcomm.com> <863b6eh9v5.fsf@raman.networkresonance.com> <45A973A0.4000105@qualcomm.com> <86irfafo3j.fsf@raman.networkresonance.com> <45A99B9E.8060208@qualcomm.com>
From: Eric Rescorla <ekr@networkresonance.com>
Date: Sat, 13 Jan 2007 22:31:25 -0800
In-Reply-To: <45A99B9E.8060208@qualcomm.com> (Lakshminath Dondeti's message of "Sat, 13 Jan 2007 18:55:26 -0800")
Message-ID: <86bql2f7b6.fsf@raman.networkresonance.com>
Cc: tls@ietf.org
Reply-To: EKR <ekr@networkresonance.com>

Lakshminath Dondeti <ldondeti@qualcomm.com> writes:
>> However, as you indicate, you might want to explicitly terminate
>> a session. As Vidya indicated, this requires server side state,
>> though less than a session cache would require.
>
> Right, this is what I was pointing out as "difficult" (for some degree
> of difficulty :) ).  Either we need more state or more state plus some
> more computation to invalidate a ticket (I am thinking a hash
> computation), if the identity (session id) is not fixed. 

Actually, the existence of the session ID doesn't change matters
much at all. Whatever operations you would follow with the
session ID you follow with the ticket. 


> Yes, I took
> a quick look at the relevant portions of the paper you cite, but that
> analysis assumes that there is a session id and assumes that the
> server has a blacklist of invalidated sessions.

RFC 4507 has both a ticket and a session ID. BSR04 uses the
ticket as the session ID.

-Ekr
