Re: [TLS] I-D Action: draft-ietf-tls-ticketrequests-01.txt
Hubert Kario <hkario@redhat.com> Fri, 07 June 2019 11:36 UTC
Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AE581200E3 for <tls@ietfa.amsl.com>; Fri, 7 Jun 2019 04:36:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jqbdcAUIh0hq for <tls@ietfa.amsl.com>; Fri, 7 Jun 2019 04:36:53 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3EFE812001A for <tls@ietf.org>; Fri, 7 Jun 2019 04:36:53 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 6F37CB2DCE; Fri, 7 Jun 2019 11:36:52 +0000 (UTC)
Received: from pintsize.usersys.redhat.com (ovpn-200-52.brq.redhat.com [10.40.200.52]) by smtp.corp.redhat.com (Postfix) with ESMTP id B06ED10AD78D; Fri, 7 Jun 2019 11:36:51 +0000 (UTC)
From: Hubert Kario <hkario@redhat.com>
To: tls@ietf.org, David Schinazi <dschinazi.ietf@gmail.com>
Date: Fri, 07 Jun 2019 13:36:43 +0200
Message-ID: <15449143.JsO9XSn2Py@pintsize.usersys.redhat.com>
In-Reply-To: <155986484588.1958.9325131777362231683@ietfa.amsl.com>
References: <155986484588.1958.9325131777362231683@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart5803428.Pvd60hfl02"; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Fri, 07 Jun 2019 11:36:52 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/WeK2ToJxah_Q60DYDcSEzFwxb6s>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-ticketrequests-01.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jun 2019 11:36:55 -0000
On Friday, 7 June 2019 01:47:25 CEST internet-drafts@ietf.org wrote: > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-tls-ticketrequests-01 > clients without server-side, per-client state. Servers vend an > number of tickets vended per connection. Second, clients do not have > NewSessionTicket messages to vend. This extension is only applicable > such services to vend tickets to clients to use for accelerated > A supporting server MAY vend TicketRequestContents.count > tickets they are willing to vend to clients. Thus, the number of typos: send, sended I think that the use cases should list a situation in which the client does not expect to perform session resume, so it can inform the server of that by sending the value 0. The draft does not state what is the expected behaviour with tickets in relation to post-handshake authentication. The draft does not state if the extension is negotiated once per session or its values should be reused for resumed sessions. The draft does not state how the extension interacts with Hello Retry Request handshake. Can it be dropped/added/changed in 2nd CH message? What is expected to happen when client does change it? > Servers that support ticket requests MUST NOT echo "ticket_request" > in the EncryptedExtensions. It's not spelled out what the client is expected to do when server does violate this expectation. I'd say it should abort with unsupported_extension. -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
- [TLS] I-D Action: draft-ietf-tls-ticketrequests-0… internet-drafts
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Hubert Kario
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Christopher Wood