Re: [TLS] #445: Enhanced New Session Ticket
Martin Thomson <martin.thomson@gmail.com> Thu, 28 April 2016 21:04 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C18C712D1BE for <tls@ietfa.amsl.com>; Thu, 28 Apr 2016 14:04:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mcwvW3TAFQ2o for <tls@ietfa.amsl.com>; Thu, 28 Apr 2016 14:04:00 -0700 (PDT)
Received: from mail-io0-x236.google.com (mail-io0-x236.google.com [IPv6:2607:f8b0:4001:c06::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B46F12B00F for <tls@ietf.org>; Thu, 28 Apr 2016 14:04:00 -0700 (PDT)
Received: by mail-io0-x236.google.com with SMTP id f89so89633090ioi.0 for <tls@ietf.org>; Thu, 28 Apr 2016 14:04:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=vmhQ6dsDBBWl6U8rcMGHwn8dsCag/pvrH8s1iBIG0Ew=; b=cy0Fxb7AcUQX73OvA32495AujrJS7FbIFFV+d7REltCpCr+baEFDnffZuroodi2X9h U6GZCiejLuDeBx7CIezmtZYN1wF0uUkQTCO8plm6mF75f2BYF50mZJHPJCMQt5iAJ+MM gcpRAwFgQc+q9ZXGcXoXG2ww/CcO+19rOoNgvDXzHgX/FOWjT/WlGRVs5THIWfo0eLun LDWimxQ6PA4GFtX1v9DA6kAwfT7Hw6RnYU81NKE679YKHgB7gWSRXGYOkKWqdOBrA4Hn 3JyvVKPmN7IVjcmKvnUkk4X0I5+uJz0U5UhAQAZOEBtUZFhO9BgUQy9x0XJN3oMYitnh DxNA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=vmhQ6dsDBBWl6U8rcMGHwn8dsCag/pvrH8s1iBIG0Ew=; b=hKl544RoBJVqRzLP9X/0ypq/zshTaGjqzBf48fISTOB8UJstuxD98wAm1VCL2gMmwK OzRVavOQwQjJ2dnOJGAYmnpEsx7b3BmEteKatgmppnzKa9kKlb7T+gmpJWuoqTS/3urs kALZP/Oa1Gx4BM1eupsotecbnuwUD24XaaotEvkKGs0odt+Z+5/hhQnyGFazb3lyZbTK KWZGE5q+An4Jduu7C8IRXQSQsBaf1TDc/1bikqIT1EvzL9iaFLGPfwSzBzfliOur3nTS OiBt15A9CBMCBvmjkDbZvejS0UEyBHabuyNnhrPavyAJFZuW5xN5tF1cYevjmxUBo0zx HmlA==
X-Gm-Message-State: AOPr4FVTFx71ZInjhICNV9X1X3GszLAq/u9fnUXdNDtTH4HmCPDIND/OI3KkKXc00WcL1iK6fcGHwa3IySEQCg==
MIME-Version: 1.0
X-Received: by 10.107.59.85 with SMTP id i82mr18634516ioa.108.1461877439551; Thu, 28 Apr 2016 14:03:59 -0700 (PDT)
Received: by 10.36.43.82 with HTTP; Thu, 28 Apr 2016 14:03:59 -0700 (PDT)
In-Reply-To: <CABcZeBO2aFuq7PbxLimUoez66u0MkE3_qQi9fdfMS33dFVh_+Q@mail.gmail.com>
References: <20160428193252.GA16096@LK-Perkele-V2.elisa-laajakaista.fi> <CABcZeBO2aFuq7PbxLimUoez66u0MkE3_qQi9fdfMS33dFVh_+Q@mail.gmail.com>
Date: Fri, 29 Apr 2016 07:03:59 +1000
Message-ID: <CABkgnnX9c2fM58wGNVFHhg3SvN4FfAiRy48dN4ujLb_7cYUVSA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/0_Uo5M_sYUW35jnhQrM4GD_gxsw>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] #445: Enhanced New Session Ticket
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Apr 2016 21:04:01 -0000
On 29 April 2016 at 06:43, Eric Rescorla <ekr@rtfm.com> wrote: >> - You might want to specify that allow_dhe_resumption doesn't >> change key exchange, only authentication (so DHE_CERT becomes >> DHE_PSK and ECDHE_CERT becomes ECDHE_PSK). > > > I'm not sure I follow. It changes key exchange. If we want to have > a resumption mode that has the server sign, we'll need a different > indicator here. There is a separate issue that would have the client able to request that the server provide a certificate/certificateverify in resumption handshakes. For that, we might add a allow_cert_resumption flag. But we would do that separately. (Regarding that, if we use cached-info on that resumption, which is probably a good idea overall, then that extension will differ between handshakes.)
- [TLS] #445: Enhanced New Session Ticket Ilari Liusvaara
- Re: [TLS] #445: Enhanced New Session Ticket Eric Rescorla
- Re: [TLS] #445: Enhanced New Session Ticket Martin Thomson
- Re: [TLS] #445: Enhanced New Session Ticket Eric Rescorla
- Re: [TLS] #445: Enhanced New Session Ticket Ilari Liusvaara
- Re: [TLS] #445: Enhanced New Session Ticket Eric Rescorla
- Re: [TLS] #445: Enhanced New Session Ticket Ilari Liusvaara
- Re: [TLS] #445: Enhanced New Session Ticket Martin Thomson
- Re: [TLS] #445: Enhanced New Session Ticket Ilari Liusvaara
- Re: [TLS] #445: Enhanced New Session Ticket Eric Rescorla
- Re: [TLS] #445: Enhanced New Session Ticket Ilari Liusvaara
- Re: [TLS] #445: Enhanced New Session Ticket Ilari Liusvaara
- Re: [TLS] #445: Enhanced New Session Ticket Eric Rescorla
- Re: [TLS] #445: Enhanced New Session Ticket Ilari Liusvaara