Re: [TLS] Resumption ticket/PSK

Kyle Rose <krose@krose.org> Thu, 19 May 2016 21:13 UTC

Date: Thu, 19 May 2016 17:13:50 -0400
From: Kyle Rose <krose@krose.org>
To: Martin Thomson <martin.thomson@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/5GTh435zJDwW5BmA3j29oNjYiI4>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Resumption ticket/PSK

I've modified the branch to use your wording. As Viktor said, it
doesn't address his objection, but it's still a more precise starting
point for further discussion.

Kyle

On Thu, May 19, 2016 at 4:37 PM, Martin Thomson
<martin.thomson@gmail.com> wrote:
> On 19 May 2016 at 16:01, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
>> Nevertheless, some clients may want to attempt to gain fine-grained
>> protection against correlating back to back or parallel resumption
>> requests.  For this they'd have to ensure that all session tickets
>> are single use, and either perform new handshakes when increasing
>> the number of parallel connections to the server, or somehow obtain
>> more than one ticket within a single session.
>
> I believe that this is the intent of the PR.  I've suggested an
> alternative wording that cleaves closer to your text above.