Re: [TLS] Question on Stateless TLS Session Resumption
Lakshminath Dondeti <ldondeti@qualcomm.com> Sun, 14 January 2007 00:06 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1H5st2-0000g7-29; Sat, 13 Jan 2007 19:06:12 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H5st0-0000fh-4j for tls@ietf.org; Sat, 13 Jan 2007 19:06:10 -0500
Received: from numenor.qualcomm.com ([129.46.51.58]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H5ssx-0003VD-Nd for tls@ietf.org; Sat, 13 Jan 2007 19:06:10 -0500
Received: from hamtaro.qualcomm.com (hamtaro.qualcomm.com [129.46.61.157]) by numenor.qualcomm.com (8.13.6/8.12.5/1.0) with ESMTP id l0E0653C023448 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Sat, 13 Jan 2007 16:06:06 -0800
Received: from [10.50.76.70] (qconnect-10-50-76-70.qualcomm.com [10.50.76.70]) by hamtaro.qualcomm.com (8.13.6/8.13.6/1.0) with ESMTP id l0E065OY012570 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sat, 13 Jan 2007 16:06:05 -0800 (PST)
Message-ID: <45A973A0.4000105@qualcomm.com>
Date: Sat, 13 Jan 2007 16:04:48 -0800
From: Lakshminath Dondeti <ldondeti@qualcomm.com>
User-Agent: Thunderbird 2.0b1 (Windows/20061206)
MIME-Version: 1.0
To: EKR <ekr@networkresonance.com>
Subject: Re: [TLS] Question on Stateless TLS Session Resumption
References: <C24CB51D5AA800449982D9BCB90325133C9A2E@NAEX13.na.qualcomm.com> <863b6eh9v5.fsf@raman.networkresonance.com>
In-Reply-To: <863b6eh9v5.fsf@raman.networkresonance.com>
Content-Type: text/plain; charset="ISO-8859-15"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 52f7a77164458f8c7b36b66787c853da
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Eric Rescorla wrote: > Well, there are two separate issues here. There's no technical > reason why a new TLS handshake between a client/server pair > needs to invalidate and old session between them. Indeed, > I don't know of any server which enforces this before and it > would even in principle be rather difficult to do in the > absence of client authentication, which is fairly rare. The issue is that of revocation. If a client's credentials are revoked, a full exchange will ensure that the client gets service only after it acquires/renews its certificate or whatever. If there is an old ticket that the client can use to get service then it is able to get around having to reauthenticate with new credentials. > > This leaves us with ticket invalidation which does, as you > note, require server side state, though rather less than > that required by an ordinary session cache. > > >> Since there is really no means of ticket revocation or any >> server state on the status of a ticket, there seems to be no way to >> determine that the client is not supposed to be using that ticket to >> resume a session. Also, the fact that the client is allowed to pick a >> Session ID makes it infeasible to track a terminated session that must >> not be allowed to resume. > > I don't think I understand this point. Both session IDs and > tickets are generated by servers. Right, that's as per 4346. However, 4507 says "When presenting a ticket, the client MAY generate and include a Session ID in the TLS ClientHello." Given that the client can change the session id, it becomes difficult (not impossible as I initially thought) for the server to track and invalidate old tickets. But, perhaps as you say, this is generally not an issue in practice. If the ticket lifetime is generally short enough, it is probably not a big deal (although it would have been nice to have stated it in 4507). regards, Lakshminath > > >> Am I missing something? Has this been talked about before? > > Yes, it's discussed extensively in the SBR04 paper on Client-Side > Session Caching. > > Shacham, H., Boneh, D., and E. Rescorla, "Client-side > caching for TLS", Transactions on Information and System > Security (TISSEC) , Volume 7, Issue 4, November 2004. > > -Ekr > > > > > _______________________________________________ > TLS mailing list > TLS@lists.ietf.org > https://www1.ietf.org/mailman/listinfo/tls > _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Question on Stateless TLS Session Resumption Narayanan, Vidya
- Re: [TLS] Question on Stateless TLS Session Resum… Eric Rescorla
- Re: [TLS] Question on Stateless TLS Session Resum… Lakshminath Dondeti
- Re: [TLS] Question on Stateless TLS Session Resum… Eric Rescorla
- Re: [TLS] Question on Stateless TLS Session Resum… Lakshminath Dondeti
- Re: [TLS] Question on Stateless TLS Session Resum… Eric Rescorla
- Re: [TLS] Question on Stateless TLS Session Resum… Lakshminath Dondeti
- [TLS] when is it ok to resume a cached SSL/TLS se… Martin Rex
- [TLS] when is it ok to resume a cached SSL/TLS se… Martin Rex
- [TLS] Re: when is it ok to resume a cached SSL/TL… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… Martin Rex
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… Martin Rex
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Kyle Hamilton
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Martin Rex
- RE: [TLS] Question on Stateless TLS Session Resum… Narayanan, Vidya
- Re: [TLS] when is it ok to resume a cached SSL/TL… Martin Rex