Re: [TLS] Unifying tickets and sessions

"Salz, Rich" <rsalz@akamai.com> Wed, 22 October 2014 22:19 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Nico Williams <nico@cryptonector.com>, "tls@ietf.org" <tls@ietf.org>
Date: Wed, 22 Oct 2014 18:18:35 -0400
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/effunnAChJUqtP45RG0YA8W8-Tk

I understand the concern:  the ticket should be encrypted at least as strongly as the bulk encryption of the traffic.

But that concern is misplaced (a server could have a one-time-pad and do XOR), and it is not up to the client to tell the server how to operate.  The client can always not send the ticket if it has concerns, and is able to justify/prove them.


--  
Principal Security Engineer, Akamai Technologies
IM: rsalz@jabber.me Twitter: RichSalz