Re: [TLS] WGLC for draft-ietf-tls-ticketrequests

[Viktor Dukhovni <ietf-dane@dukhovni.org>]

On Fri, Jan 31, 2020 at 09:06:12AM -0800, Tommy Pauly wrote:

> However, for the purposes of the WGLC for this draft,
> draft-ietf-tls-ticketrequests, it may be best to separate the
> conversation. It seems that the negotiation of ticket reuse would be
> best served by another document that could be adopted by the WG. The
> ticket request document, as it was adopted, was specifically a
> mechanism to request multiple tickets so as to *avoid* ticket reuse.

Yes, but the issues DO NOT decouple.  It is a mechanism to communicate
the client's ticket requirements to the server.  Many clients will
want multiple tickets unconditionally, some will want none, or only
one as the presented one becomes no longer valid.

The use-case is that the Postfix SMTP server currently always vends
replacement tickets ONLY when expiring.  I'd like to be able to
distinguish between clients that always want fresh tickcets (MUAs)
and clients that don't (MTAs).  This will also reduce ticket reuse.

> This is stated several times in the use cases (section 2) and security
> considerations (section 5). While this does not preclude a future
> extension that negotiates ticket reuse, I believe, as an author, that
> enabling ticket reuse is out of scope of this particular document.

The two extensions will be in conflict.  There's a trivial solution
within the existing extension.  One code of 255 fully addresses the
issue, with no additional document required.

Proliferation of conflicting documents does not help implementors.
Let's address the issue before us in a single document.  Reuse
is not a separate issue, both are just ticket quantity negotiation.

-- 
    VIktor.