Re: [TLS] I-D Action: draft-ietf-tls-ticketrequests-02.txt

"Martin Thomson" <mt@lowentropy.net> Thu, 10 October 2019 01:05 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/RJ15gZ4l1btUD6RO8ENsfVtUn_U>

I think that the discussion Victor started about the number of tickets you might want to supply being different for a resumed connection is a sensible one, but I would caution against servers making inferences, especially in light of a very clear signal from clients.  Advice for client implementations might be wise, so that servers are less motivated to make these sorts of decisions.

Nits-wise, there are lots of lowercase instances of "may", which is fine, but most can be replaced with "can", except one that I think could be a "MAY": Clients may send this extension in ClientHello.

Otherwise, I only skimmed this.  If I get a chance, I might send more detailed editorial comments, but I didn't see any technical reason to hold this back from WGLC.



On Sat, Sep 28, 2019, at 09:59, Christopher Wood wrote:
> This version addresses some of the comments we received from Hubert a 
> while back. We think it's ready to go for WGLC, modulo whatever nits 
> folks find. :-)
> 
> Best,
> Chris (no hat)
> 
> On Fri, Sep 27, 2019, at 4:47 PM, internet-drafts@ietf.org wrote:
> > 
> > A New Internet-Draft is available from the on-line Internet-Drafts directories.
> > This draft is a work item of the Transport Layer Security WG of the IETF.
> > 
> >         Title           : TLS Ticket Requests
> >         Authors         : Tommy Pauly
> >                           David Schinazi
> >                           Christopher A. Wood
> >         Filename        : draft-ietf-tls-ticketrequests-02.txt
> >         Pages           : 6
> >         Date            : 2019-09-27
> > 
> > Abstract:
> >    TLS session tickets enable stateless connection resumption for
> >    clients without server-side, per-client state.  Servers vend an
> >    arbitrary number of session tickets to clients, at their discretion,
> >    upon connection establishment.  Clients store and use tickets when
> >    resuming future connections.  This document describes a mechanism by
> >    which clients may specify the desired number of tickets needed for
> >    future connections.  This extension aims to provide a means for
> >    servers to determine the number of tickets to generate in order to
> >    reduce ticket waste, while simultaneously priming clients for future
> >    connection attempts.
> > 
> > 
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-ietf-tls-ticketrequests/
> > 
> > There are also htmlized versions available at:
> > https://tools.ietf.org/html/draft-ietf-tls-ticketrequests-02
> > https://datatracker.ietf.org/doc/html/draft-ietf-tls-ticketrequests-02
> > 
> > A diff from the previous version is available at:
> > https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-ticketrequests-02
> > 
> > 
> > Please note that it may take a couple of minutes from the time of submission
> > until the htmlized version and diff are available at tools.ietf.org.
> > 
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> > 
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls
> >