IETF Logo Mail Archive

Re: [TLS] Naming that TLS session/connection instance thing

Michael D'Errico <mike-list@pobox.com> Thu, 24 December 2009 23:20 UTC

Return-Path: <mike-list@pobox.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 673573A6850 for <tls@core3.amsl.com>; Thu, 24 Dec 2009 15:20:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Level:
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[AWL=0.048, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uGI7Gvyi+rV3 for <tls@core3.amsl.com>; Thu, 24 Dec 2009 15:20:37 -0800 (PST)
Received: from sasl.smtp.pobox.com (a-pb-sasl-sd.pobox.com [64.74.157.62]) by core3.amsl.com (Postfix) with ESMTP id 5AED63A6820 for <tls@ietf.org>; Thu, 24 Dec 2009 15:20:37 -0800 (PST)
Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTP id 83359A92D9 for <tls@ietf.org>; Thu, 24 Dec 2009 18:20:15 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=message-id :date:from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=mILpyIvTvhVD ezW4VMa+BaZDfcs=; b=rvbZdNggAwEI0omTqgX5Dytd1CBZ2kcgVWNeIGzyh3jD cAZwc1lI/6vu8W1i0AeaTHQZeD2iOkIAzS+J56UV64dENMvxj/R3YwkugaeUnN6x Ka3+m4SSJBbIV6gd6miVqcJNE66ocbBpdwD3uDIWNAtMTCviHg5gIIhFLyvFz7w=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=message-id:date :from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=rNvjry M20OU0HkFsD8PsGOkGrBusEl1HP0XwFUHmgLUbGUNiQ6AnmikGrwqfEg//0iM0nx ueHBzHLSnplGt/ao11UzTRmUENTz8KhWrZGFw4Bjyur63J4vDM/6kJDpdAbHq2tQ htciKlmpqjNcagmgYFmWtYcOWaotTPga/9JpQ=
Received: from a-pb-sasl-sd.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTP id 7F2C7A92D8 for <tls@ietf.org>; Thu, 24 Dec 2009 18:20:15 -0500 (EST)
Received: from administrators-macbook-pro.local (unknown [24.234.114.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTPSA id 9F200A92D6 for <tls@ietf.org>; Thu, 24 Dec 2009 18:20:11 -0500 (EST)
Message-ID: <4B33F7B4.3000101@pobox.com>
Date: Thu, 24 Dec 2009 15:22:28 -0800
From: Michael D'Errico <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: IETF TLS Working Group <tls@ietf.org>
References: <4B33F445.4010203@bolyard.me>
In-Reply-To: <4B33F445.4010203@bolyard.me>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Pobox-Relay-ID: E483B13C-F0E2-11DE-A009-465EBBB5EC2E-38729857!a-pb-sasl-sd.pobox.com
Subject: Re: [TLS] Naming that TLS session/connection instance thing
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Dec 2009 23:25:52 -0000

Nelson B Bolyard wrote:
> In a posting in another thread today, Marsh Ray wrote:
> 
>> Just keep in mind the many-to-many relationship between sessions and
>> connections. A connection may handle multiple sessions (generally at
>> different times) and a session may be on multiple connections
>> (simultaneously or separated in time). An instance of a session on a
>> connection is referred to as a "connection state".
> 
> It's also the thing to which a "TLS channel binding" binds, is it not?
> 
> Believing that it is, I propose that we name it a "TLS channel".
> 
> Does that proposal cause anyone here any great pain?

No pain, but I'd like some clarification.

I assume that if you make an initial connection to a server and perform
a full handshake, you have created a new, independent TLS channel.

But now if you make another TCP connection to the same server and resume
that session, has a new TLS channel been created?  Or is it the same one?

Also, let's say you just connected and performed a full handshake,
creating a new TLS channel.  If you then renegotiate with the server
using a full handshake, has a new TLS channel been created?  Or is it
the same?

If you connect, full handshake, and then renegotiate using an old session
(session resume), has a new TLS channel been created?  Does it depend on
whether the resumed session was the original session on this connection?
What if a session from an unrelated connection was resumed?

Thanks for any insight.

Mike

v2.23.0 | Report a Bug | By Email