[TLS] RFC 5077 (was Re: draft-ietf-tls-cached-info-02 / New "Fast-Track" draft posted)

Michael D'Errico <mike-list@pobox.com> Fri, 19 February 2010 18:29 UTC

DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=message-id:date :from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=HCNIeO Rk7aQXfoEkVcuWVwaFsF2+XzAmjJRoLfS5j5gm7cSdJNntmZfXrw+EQCy3rhmXG7 c4ke1/chlTGJFZ+HZ/KLb+1o1LQihAKqHZYPJj1obvSPJ34mlTTwWBdtGTLxtH1a QBiMBnD46DnoQKgZ9ihTPkOuv0MYEh8ALG4no=
Message-ID: <4B7EDA36.2080801@pobox.com>
Date: Fri, 19 Feb 2010 10:36:38 -0800
From: Michael D'Errico <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: tls@ietf.org
References: <C7A2FC2B.85D4%stefan@aaa-sec.com> <C7A30236.85DC%stefan@aaa-sec.com> <a84d7bc61002180831n412afe3aubffd4708a02b1dd3@mail.gmail.com> <4B7D8AAD.80204@briansmith.org>
In-Reply-To: <4B7D8AAD.80204@briansmith.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [TLS] RFC 5077 (was Re: draft-ietf-tls-cached-info-02 / New "Fast-Track" draft posted)
Precedence: list

Brian Smith wrote:
> .... Note that this is how RFC50[77] works (you 
> have to infer what the server is saying based on what handshake messages 
> it skips; for example, if the server doesn't send a Certificate right 
> after its ServerHello then you have to infer that it's doing a 
> resumption based on the given ticket).

While that method works, an easier method is for the client to include a
non-empty session ID in its ClientHello when attempting to resume a session
based on a session ticket.  If the server does resume the session, then it
returns the client-generated session ID.  From RFC 5077:

    When presenting a ticket, the client MAY generate and include a
    Session ID in the TLS ClientHello.  If the server accepts the ticket
    and the Session ID is not empty, then it MUST respond with the same
    Session ID present in the ClientHello.  This allows the client to
    easily differentiate when the server is resuming a session from when
    it is falling back to a full handshake.  Since the client generates a
    Session ID, the server MUST NOT rely upon the Session ID having a
    particular value when validating the ticket.  If a ticket is
    presented by the client, the server MUST NOT attempt to use the
    Session ID in the ClientHello for stateful session resumption.
    Alternatively, the client MAY include an empty Session ID in the
    ClientHello.  In this case, the client ignores the Session ID sent in
    the ServerHello and determines if the server is resuming a session by
    the subsequent handshake messages.

Mike

Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Brian Smith
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Simon Josefsson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Adam Langley
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Brian Smith
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Nikos Mavrogiannopoulos
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Adam Langley
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Michael D'Errico
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Nikos Mavrogiannopoulos
Re: [TLS] Android's cut-through mode & "RequestTi… Brian Smith
[TLS] Stream multiplexing extension RE: SPDY / Ne… Brian Smith
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Brian Smith
[TLS] TLS Performance (was Re: draft-ietf-tls-cac… Michael D'Errico
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Stefan Santesson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Adam Langley
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Stefan Santesson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Stefan Santesson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Adam Langley
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Adam Langley
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Brian Smith
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Brian Smith
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Brian Smith
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Kemp, David P.
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Stefan Santesson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Martin Rex
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Brian Smith
[TLS] Cached-info substitution Stefan Santesson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Stefan Santesson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Kemp, David P.
Re: [TLS] Cached-info substitution Brian Smith
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Martin Rex
Re: [TLS] Cached-info substitution Adam Langley
Re: [TLS] Cached-info substitution Brian Smith
Re: [TLS] Cached-info substitution Adam Langley
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Brian Smith
Re: [TLS] Cached-info substitution Stefan Santesson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Stefan Santesson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Martin Rex
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Brian Smith
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Martin Rex
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Kemp, David P.
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Martin Rex
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Stefan Santesson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Stefan Santesson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Martin Rex
[TLS] RFC 5077 (was Re: draft-ietf-tls-cached-inf… Michael D'Errico
Re: [TLS] Cached-info substitution Adam Langley
Re: [TLS] Cached-info substitution Wan-Teh Chang
Re: [TLS] Cached-info substitution Stefan Santesson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Simon Josefsson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Martin Rex
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Brian Smith
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Brian Smith
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Stefan Santesson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Kemp, David P.
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Marsh Ray
Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-cach… Kemp, David P.
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Marsh Ray
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Yoav Nir
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Stefan Santesson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Simon Josefsson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Brian Smith
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Stefan Santesson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Brian Smith
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Martin Rex
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Stefan Santesson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Simon Josefsson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Simon Josefsson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Stefan Santesson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Stefan Santesson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Joseph Salowey (jsalowey)
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Stefan Santesson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Brian Smith
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Brian Smith
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Martin Rex
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Simon Josefsson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Donald Eastlake
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Joseph Salowey (jsalowey)
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Stefan Santesson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Marsh Ray
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Simon Josefsson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Stefan Santesson
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Adam Langley
Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fa… Michael D'Errico