Re: [TLS] SNI and tickets and resumption
Sajeev S <sajualways@gmail.com> Sun, 10 August 2014 16:16 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/TqwQubUzksjYKKjc96500pvOJkU
As per RFC 6066 ---> Transport Layer Security (TLS) Extensions: Extension Definitions

Note also that all the extensions defined in this document are relevant only when a session is initiated. A client that requests session resumption does not in general know whether the server will accept this request, and therefore it SHOULD send the same extensions as it would send if it were not attempting resumption. When a client includes one or more of the defined extension types in an extended client hello while requesting session resumption:

- The server name indication extension MAY be used by the server when deciding whether or not to resume a session as described in Section 3 <http://tools.ietf.org/html/rfc6066#section-3>.
- If the resumption request is denied, the use of the extensions is negotiated as normal.
- If, on the other hand, the older session is resumed, then the server MUST ignore the extensions and send a server hello containing none of the extension types. In this case, the functionality of these extensions negotiated during the original session initiation is applied to the resumed session.

Regards,
Sajeev

On Sat, Aug 9, 2014 at 1:48 AM, Salz, Rich <rsalz@akamai.com> wrote:

> Can a client connect with an SNI extension and then later on resume or send a ticket with a different SNI value?
>
> I couldn’t find it documented anywhere. Am I missing something, or should we?
>
> --
> Principal Security Engineer
> Akamai Technologies, Cambridge MA
> IM: rsalz@jabber.me Twitter: RichSalz
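A small model of the server-side decision the quoted RFC 6066 text describes, added here as an example; it is not part of the original message or of any TLS implementation. The class names, the `SUPPORTED` set, the sample cache and the strict name-match policy are assumptions of the example.

```python
from dataclasses import dataclass
from typing import Optional

# Extension types this model server supports (constructed for the example).
SUPPORTED = frozenset({"server_name", "max_fragment_length", "status_request"})

@dataclass(frozen=True)
class Session:
    session_id: bytes
    server_name: Optional[str]   # SNI seen in the original full handshake
    extensions: frozenset        # extension types negotiated at initiation

@dataclass(frozen=True)
class ClientHello:
    session_id: bytes
    server_name: Optional[str]
    extensions: frozenset        # resent in full, as the client SHOULD

@dataclass(frozen=True)
class Decision:
    resumed: bool
    server_hello_extensions: frozenset  # extension types put on the wire
    effective_extensions: frozenset     # functionality applied to the connection

def same_name(a: Optional[str], b: Optional[str]) -> bool:
    # DNS host names compare case-insensitively; a missing name only
    # matches a missing name (strict policy chosen for this example).
    if a is None or b is None:
        return a is b
    return a.lower() == b.lower()

def decide(cache: dict, hello: ClientHello) -> Decision:
    cached = cache.get(hello.session_id)
    # SNI is used in the resumption decision: a different name is refused
    # (RFC 6066 Section 3 requires a full handshake in that case).
    if cached is not None and same_name(cached.server_name, hello.server_name):
        # Resumed: ignore the hello's extensions, send none of them back,
        # and apply what the original session negotiated.
        return Decision(True, frozenset(), cached.extensions)
    # Denied or unknown session: extensions are negotiated as normal.
    negotiated = hello.extensions & SUPPORTED
    return Decision(False, negotiated, negotiated)

# Constructed sample: one cached session for "a.example".
CACHE = {b"\x01": Session(b"\x01", "a.example",
                          frozenset({"server_name", "max_fragment_length"}))}
```

Binding the cached session or ticket to the original server name is what keeps a session established for one virtual host from being resumed under another.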