Re: [TLS] Re: when is it ok to resume a cached SSL/TLS session
<home_pw@msn.com> Mon, 15 January 2007 17:27 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1H6VcK-0000Nt-1J; Mon, 15 Jan 2007 12:27:32 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H6VcI-0000Nm-G5 for tls@ietf.org; Mon, 15 Jan 2007 12:27:30 -0500
Received: from bay0-omc1-s20.bay0.hotmail.com ([65.54.246.92]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H6VcF-0006m8-Jd for tls@ietf.org; Mon, 15 Jan 2007 12:27:30 -0500
Received: from hotmail.com ([65.55.131.27]) by bay0-omc1-s20.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Mon, 15 Jan 2007 09:27:26 -0800
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 15 Jan 2007 09:27:26 -0800
Message-ID: <BAY126-DAV171FE2669A1843D5AE5A1892B50@phx.gbl>
Received: from 70.142.20.165 by BAY126-DAV17.phx.gbl with DAV; Mon, 15 Jan 2007 17:27:26 +0000
X-Originating-IP: [70.142.20.165]
X-Originating-Email: [home_pw@msn.com]
X-Sender: home_pw@msn.com
From: home_pw@msn.com
To: EKR <ekr@networkresonance.com>
References: <20070115154600.A77285C01E@laser.networkresonance.com><BAY126-DAV649C9E2DAC40983624F6292B50@phx.gbl><86ac0ke02o.fsf@raman.networkresonance.com><BAY126-DAV7527528284E612011A4A192B50@phx.gbl> <86lkk4ciz8.fsf@raman.networkresonance.com>
Subject: Re: [TLS] Re: when is it ok to resume a cached SSL/TLS session
Date: Mon, 15 Jan 2007 09:27:25 -0800
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail desktop 8.0.1223
X-MimeOLE: Produced By Microsoft MimeOLE V8.0.1223
X-OriginalArrivalTime: 15 Jan 2007 17:27:26.0663 (UTC) FILETIME=[6D003D70:01C738CA]
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 41c17b4b16d1eedaa8395c26e9a251c4
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
> No, I don't agree with this analysis. The server being > unwilling > to resume a session is normal behavior. The TLS state > machine > explicitly handles such cases. Implementations which choke > rather than doing a full handshake are broken. > > -Ekr Perhaps the TLS state machine changed from the SSL state machine ? I did notice in your book how you tied your concept of the state transitions of an implementation to the TCP state machine, something I don't do. Its like we said for trust chains: regardless of what a server sends, what client APPLICATION uses is up to it. it can ignore the server-supplied trust chain, if it chooses. The same goes for accessing client-side crypto. Jus because a server (which has not proved knowledge of secrets from a TLS-connection state) seeks me to access my crypto device DOES NOT MEAN I DO IT. Im perfectly entitled to have a product design that seeks the user to enter a smartcard at that point; and close MY connection attempt if the user does not present it in some time. We are now squarely arguing over:- One advantage of TLS is that it is application protocol independent. Higher level protocols can layer on top of the TLS Protocol transparently. The TLS standard, however, does not specify how protocols add security with TLS; the decisions on how to initiate TLS handshaking and how to interpret the authentication certificates exchanged are left up to the judgment of the designers and implementors of protocols which run on top of TLS. and then (note the final clause):- If the application protocol using TLS provides that any data may be carried over the underlying transport after the TLS connection is closed, the TLS implementation must receive the responding close_notify alert before indicating to the application layer that the TLS connection has ended. If the application protocol will not transfer any additional data, but will only close the underlying transport connection, then the implementation may choose to close the transport without waiting for the responding close_notify. No part of this standard should be taken to dictate the manner in which a usage profile for TLS manages its data transport, including when connections are opened or closed. _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Question on Stateless TLS Session Resumption Narayanan, Vidya
- Re: [TLS] Question on Stateless TLS Session Resum… Eric Rescorla
- Re: [TLS] Question on Stateless TLS Session Resum… Lakshminath Dondeti
- Re: [TLS] Question on Stateless TLS Session Resum… Eric Rescorla
- Re: [TLS] Question on Stateless TLS Session Resum… Lakshminath Dondeti
- Re: [TLS] Question on Stateless TLS Session Resum… Eric Rescorla
- Re: [TLS] Question on Stateless TLS Session Resum… Lakshminath Dondeti
- [TLS] when is it ok to resume a cached SSL/TLS se… Martin Rex
- [TLS] when is it ok to resume a cached SSL/TLS se… Martin Rex
- [TLS] Re: when is it ok to resume a cached SSL/TL… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… Martin Rex
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… Martin Rex
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Kyle Hamilton
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Martin Rex
- RE: [TLS] Question on Stateless TLS Session Resum… Narayanan, Vidya
- Re: [TLS] when is it ok to resume a cached SSL/TL… Martin Rex