Re: [TLS] Removing the "hint" from the Session Ticket Lifetime hint

Martin Thomson <martin.thomson@gmail.com> Tue, 23 February 2016 18:54 UTC

On 23 February 2016 at 10:43, Benjamin Kaduk <bkaduk@akamai.com> wrote:
> But leave it as a relative time, contrasting the absolute expiration time of
> the server configuration -- why not go for full-out parallelism?

As I have said before, the value of absolute time here is that it
allows for the use of server configuration outside of the context of
the TLS 1.3 handshake.  Given that we are now seriously discussing
removing ServerConfiguration from TLS 1.3, this is probably moot.