Re: [TLS] Re: when is it ok to resume a cached SSL/TLS session
<home_pw@msn.com> Mon, 15 January 2007 17:05 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1H6VHP-0007Oj-53; Mon, 15 Jan 2007 12:05:55 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H6VHO-0007Oe-30 for tls@ietf.org; Mon, 15 Jan 2007 12:05:54 -0500
Received: from bay0-omc3-s14.bay0.hotmail.com ([65.54.246.214]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H6VHH-0003gi-1Z for tls@ietf.org; Mon, 15 Jan 2007 12:05:54 -0500
Received: from hotmail.com ([65.55.131.17]) by bay0-omc3-s14.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Mon, 15 Jan 2007 09:05:46 -0800
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 15 Jan 2007 09:05:45 -0800
Message-ID: <BAY126-DAV7527528284E612011A4A192B50@phx.gbl>
Received: from 70.142.20.165 by BAY126-DAV7.phx.gbl with DAV; Mon, 15 Jan 2007 17:05:44 +0000
X-Originating-IP: [70.142.20.165]
X-Originating-Email: [home_pw@msn.com]
X-Sender: home_pw@msn.com
From: home_pw@msn.com
To: EKR <ekr@networkresonance.com>
References: <20070115154600.A77285C01E@laser.networkresonance.com><BAY126-DAV649C9E2DAC40983624F6292B50@phx.gbl> <86ac0ke02o.fsf@raman.networkresonance.com>
Subject: Re: [TLS] Re: when is it ok to resume a cached SSL/TLS session
Date: Mon, 15 Jan 2007 09:05:42 -0800
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail desktop 8.0.1223
X-MimeOLE: Produced By Microsoft MimeOLE V8.0.1223
X-OriginalArrivalTime: 15 Jan 2007 17:05:45.0978 (UTC) FILETIME=[65BB75A0:01C738C7]
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 0ddefe323dd869ab027dbfff7eff0465
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
> Peter, > > TLS session IDs do not come with any guarantee that the > server will > actually honor a resumption request. The server may > implement any > session cache policy it chooses. Therefore the client > *must* be > prepared for the server to refuse resumption. > > -Ekr So the only thing we are disagreeing on is the definition of "must be prepared". You say choked, I say graceful fail. So... we are back to the reasserting the old adage: the TLS standard DOES NOT constrain or recommend on how TLS Transport connections are handled in general. The words in TLS could not be much clearer. https is of course both an application and a "usage model" for TLS, some SSL-related parts of which folks have attempted to create a standard profile as regard alert handling. I fail to see why the UI behavior of a multi-URL-protocol browser should be different for https vs other URL protocols. Furthermore, a non-Navigator-style web client is even less constrained, because it may a moniker resolver aswell as a URL resolver built into the application. We all know wininet has different https behavior to IE, which is yet different to the MSN Explorer. We all know Navigator in turn has "unique" security semantics concerning its SSL session duplication , and a "unique" trust access model to cookies by child windows etc... I have no expectation that navigator's client-side sessionid caching policy (for https resolution) is the same of the other 3 examples, I gave! If the particular browser experience design has established (via a combined security vs usability tradeoff analysis) a certain practice concerning how it visualizes and handles (connection) failure cases (cannot "connect" to a resource, ultimately) when using all the NON-https URL protocols why should it vary this view ...for the session resumption exception on the https URL? _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Question on Stateless TLS Session Resumption Narayanan, Vidya
- Re: [TLS] Question on Stateless TLS Session Resum… Eric Rescorla
- Re: [TLS] Question on Stateless TLS Session Resum… Lakshminath Dondeti
- Re: [TLS] Question on Stateless TLS Session Resum… Eric Rescorla
- Re: [TLS] Question on Stateless TLS Session Resum… Lakshminath Dondeti
- Re: [TLS] Question on Stateless TLS Session Resum… Eric Rescorla
- Re: [TLS] Question on Stateless TLS Session Resum… Lakshminath Dondeti
- [TLS] when is it ok to resume a cached SSL/TLS se… Martin Rex
- [TLS] when is it ok to resume a cached SSL/TLS se… Martin Rex
- [TLS] Re: when is it ok to resume a cached SSL/TL… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… Martin Rex
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… Martin Rex
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Kyle Hamilton
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Martin Rex
- RE: [TLS] Question on Stateless TLS Session Resum… Narayanan, Vidya
- Re: [TLS] when is it ok to resume a cached SSL/TL… Martin Rex