Re: [TLS] Resuming a session as part of a renegotiation.

Fabrice Gautier <fabrice.gautier@gmail.com> Thu, 19 September 2013 18:30 UTC

Return-Path: <fabrice.gautier@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BD1721F92C2 for <tls@ietfa.amsl.com>; Thu, 19 Sep 2013 11:30:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GiuLicuOYcdl for <tls@ietfa.amsl.com>; Thu, 19 Sep 2013 11:30:16 -0700 (PDT)
Received: from mail-we0-x22d.google.com (mail-we0-x22d.google.com [IPv6:2a00:1450:400c:c03::22d]) by ietfa.amsl.com (Postfix) with ESMTP id D601321F9228 for <tls@ietf.org>; Thu, 19 Sep 2013 11:30:15 -0700 (PDT)
Received: by mail-we0-f173.google.com with SMTP id w62so8439268wes.32 for <tls@ietf.org>; Thu, 19 Sep 2013 11:30:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=4jb7brNtTNvVEgeGaXRGjhWp3j8cMGiFtcG2yLg/ZhA=; b=y/l5DVNdw3kEiFuunDfnfCpOiVf0pIdsHonE2jmV/teFO2NZcF/DllDzkEp54+lL1/ S87+w3t+zaQNUmoelq0J/ssmoHXiE8eGz78EwdzPg25u0O0hfrskvpL83RQ3uOA+iPJh +++dUj8URlpt/l/PXJFz4W0u/JXiOo5ZfB3BP1iQ8Z5cp5uePAwL9di5yUkr2Il8QiEt KQ/4qBRjSGIUrdpaw05nrZMFB1FePg+HMrqKTM7v0znj05aB5WnD9oMy8qeMC7MCv2lp PiNB+VrwuA1ntdAK9rLhvZNtcjdzDIVwwgLd9OOJw84c684mmJ1+1SayLn9GqLREpLiY z5VQ==
X-Received: by 10.194.240.129 with SMTP id wa1mr2558207wjc.31.1379615415060; Thu, 19 Sep 2013 11:30:15 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.216.50.12 with HTTP; Thu, 19 Sep 2013 11:29:54 -0700 (PDT)
In-Reply-To: <523B2EDF.7010501@pobox.com>
References: <CANOyrg99G7YULLbC4MgjXNDLqb5AXQXvqSQDqBm095BqBDNRBA@mail.gmail.com> <523B2EDF.7010501@pobox.com>
From: Fabrice Gautier <fabrice.gautier@gmail.com>
Date: Thu, 19 Sep 2013 11:29:54 -0700
Message-ID: <CANOyrg_GVPtsd-LyrT78QDfwFFyoWzJpf_1D6xkVPOJY0oSd0w@mail.gmail.com>
To: "Michael D'Errico" <mike-list@pobox.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: tls@ietf.org
Subject: Re: [TLS] Resuming a session as part of a renegotiation.
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Sep 2013 18:30:16 -0000

On Thu, Sep 19, 2013 at 10:05 AM, Michael D'Errico <mike-list@pobox.com> wrote:
> Fabrice Gautier wrote:
>>
>>
>> Is there anything in the TLS RFCs that prohibit using a resumed
>> session as a result of a renegotiation handshake ?
>
>
> No.
>
>
>> I haven't found anything, but I can't think of an interesting use case
>> for that behavior either.
>
>
> Not sure if it's interesting, but you get fresh session keys.

Hum, I guess it depends your definition of 'fresh'. They might be
different after the renegotiation. But if you are resuming an old
session as part of a renegotiation, the freshness depends on how much
that particular resumed session has been used before.

Imagine the case where a server request renegotiation, but the client
send back a ClientHello with the same session ID as previously


> One possible use case: if you negotiated a block cipher with a
> small internal state and are sending large quantities of data,
> security might be improved by periodically renegotiating.

Thats only benefit a full handshake renegotiation.

The way I understand it, renegotiation allows you to have several
session in the same connection, and session resumption allows you to
have the same session across multiple connections.

Mixing the two gives you... well, I don't know if it gives you
anything useful...


-- Fabrice