Re: [TLS] Question on Stateless TLS Session Resumption
Lakshminath Dondeti <ldondeti@qualcomm.com> Sun, 14 January 2007 16:55 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1H68dq-0005BI-0f; Sun, 14 Jan 2007 11:55:34 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H68do-0005B9-En for tls@ietf.org; Sun, 14 Jan 2007 11:55:32 -0500
Received: from numenor.qualcomm.com ([129.46.51.58]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H68dl-0000j8-36 for tls@ietf.org; Sun, 14 Jan 2007 11:55:32 -0500
Received: from hamtaro.qualcomm.com (hamtaro.qualcomm.com [129.46.61.157]) by numenor.qualcomm.com (8.13.6/8.12.5/1.0) with ESMTP id l0EGtRLL012573 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Sun, 14 Jan 2007 08:55:28 -0800
Received: from [10.50.77.45] (qconnect-10-50-77-45.qualcomm.com [10.50.77.45]) by hamtaro.qualcomm.com (8.13.6/8.13.6/1.0) with ESMTP id l0EGtQ9u024469 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sun, 14 Jan 2007 08:55:27 -0800 (PST)
Message-ID: <45AA6033.9020407@qualcomm.com>
Date: Sun, 14 Jan 2007 08:54:11 -0800
From: Lakshminath Dondeti <ldondeti@qualcomm.com>
User-Agent: Thunderbird 2.0b1 (Windows/20061206)
MIME-Version: 1.0
To: EKR <ekr@networkresonance.com>
Subject: Re: [TLS] Question on Stateless TLS Session Resumption
References: <C24CB51D5AA800449982D9BCB90325133C9A2E@NAEX13.na.qualcomm.com> <863b6eh9v5.fsf@raman.networkresonance.com> <45A973A0.4000105@qualcomm.com> <86irfafo3j.fsf@raman.networkresonance.com> <45A99B9E.8060208@qualcomm.com> <86bql2f7b6.fsf@raman.networkresonance.com>
In-Reply-To: <86bql2f7b6.fsf@raman.networkresonance.com>
Content-Type: text/plain; charset="ISO-8859-15"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 97adf591118a232206bdb5a27b217034
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Thanks Eric. I guess in my quick scan of your paper, I missed the "ticket" as the "session ID" aspect. In fact, hashing of the ticket as a substitute for session ID was what I was thinking about as the "extra" computation. Now the paper does talk about hashing the session ID, which makes sense now :). cheers, Lakshminath Eric Rescorla wrote: > Lakshminath Dondeti <ldondeti@qualcomm.com> writes: >>> However, as you indicate, you might want to explicitly terminate >>> a session. As Vidya indicated, this requires server side state, >>> though less than a session cache would require. >> Right, this is what I was pointing out as "difficult" (for some degree >> of difficulty :) ). Either we need more state or more state plus some >> more computation to invalidate a ticket (I am thinking a hash >> computation), if the identity (session id) is not fixed. > > Actually, the existence of the session ID doesn't change matters > much at all. Whatever operations you would follow with the > session ID you follow with the ticket. > > >> Yes, I took >> a quick at the relevant portions of the paper you cite, but that >> analysis assumes that there is a session id and assumes that the >> server has a blacklist of invalidated sessions. > > RFC 4507 has both a ticket and a session ID. BSR04 uses the > ticket as the session ID. > > -Ekr > _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Question on Stateless TLS Session Resumption Narayanan, Vidya
- Re: [TLS] Question on Stateless TLS Session Resum… Eric Rescorla
- Re: [TLS] Question on Stateless TLS Session Resum… Lakshminath Dondeti
- Re: [TLS] Question on Stateless TLS Session Resum… Eric Rescorla
- Re: [TLS] Question on Stateless TLS Session Resum… Lakshminath Dondeti
- Re: [TLS] Question on Stateless TLS Session Resum… Eric Rescorla
- Re: [TLS] Question on Stateless TLS Session Resum… Lakshminath Dondeti
- [TLS] when is it ok to resume a cached SSL/TLS se… Martin Rex
- [TLS] when is it ok to resume a cached SSL/TLS se… Martin Rex
- [TLS] Re: when is it ok to resume a cached SSL/TL… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… Martin Rex
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… Martin Rex
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Kyle Hamilton
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Martin Rex
- RE: [TLS] Question on Stateless TLS Session Resum… Narayanan, Vidya
- Re: [TLS] when is it ok to resume a cached SSL/TL… Martin Rex