[TLS] The "other means" of controlling sessionids, master_secrets
<home_pw@msn.com> Sun, 14 January 2007 21:33 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1H6CyW-0003Vr-8s; Sun, 14 Jan 2007 16:33:12 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H6CyU-0003Vm-Pj for tls@ietf.org; Sun, 14 Jan 2007 16:33:10 -0500
Received: from bay0-omc3-s21.bay0.hotmail.com ([65.54.246.221]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H6CyQ-00055Y-5v for tls@ietf.org; Sun, 14 Jan 2007 16:33:10 -0500
Received: from hotmail.com ([65.55.131.20]) by bay0-omc3-s21.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Sun, 14 Jan 2007 13:33:05 -0800
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Sun, 14 Jan 2007 13:33:05 -0800
Message-ID: <BAY126-DAV100103FD81B017F779146392B60@phx.gbl>
Received: from 70.142.20.165 by BAY126-DAV10.phx.gbl with DAV; Sun, 14 Jan 2007 21:33:04 +0000
X-Originating-IP: [70.142.20.165]
X-Originating-Email: [home_pw@msn.com]
X-Sender: home_pw@msn.com
From: home_pw@msn.com
To: tls@ietf.org
Date: Sun, 14 Jan 2007 13:33:02 -0800
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail desktop 8.0.1223
X-MimeOLE: Produced By Microsoft MimeOLE V8.0.1223
X-OriginalArrivalTime: 14 Jan 2007 21:33:05.0393 (UTC) FILETIME=[938E3610:01C73823]
X-Spam-Score: 0.2 (/)
X-Scan-Signature: f607d15ccc2bc4eaf3ade8ffa8af02a0
Cc:
Subject: [TLS] The "other means" of controlling sessionids, master_secrets
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
concerning RFC 4507. The IESG appears to assert the following:- "SessionTicket TLS Extension [...] If the client possesses a ticket that it wants to use to resume a session, then it includes the ticket in the SessionTicket extension in the ClientHello. [...] [...]If the client is not prepared to receive a ticket in the NewSessionTicket handshake message then it MUST NOT include a SessionTicket extension unless it is sending a non-empty ticket it received through some other means from the server." [http://www.rfc-archive.org/getrfc.php?rfc=4507] So, I'm assuming (a) a ticket contains a wrapped master_secret (b) the last clause from above (other means), c) the TLS transport is EAP-TLS [rfc2716bis-06] cooperating with PPTP [RFC2637]. Lets now presume that there are 10 current TLS connection states in the client's cache, all duplicates of an active sessionid. Once a minute, they each perform a (keying material refresh) re-handshake citing their ticket generated by the server, and communicated on the n-1th handshake. (This "ticket" seems to be a variation of SSL3 fortezza_dms model for communicating (stateless) wrapped master_keys from the client endpoint to the loadbalancer) Lets also presume that it is conforming for TLS endpoints to NEVER NEED TO DO a "full handshake", to establish a given sessionid. That is, we exploited assumption (b). The assumption means that the sessionid name and the wrapped master_secret value are managed by some proprietary key distribution protocol tuned to the nature of the TLS transport, in question. Presumably in TLS1.2 the ciphersuite designer specifes a suitable KDF, similarly, to generate suitable amounts of keying material for the nature of the fragment transport. Presumably, a fatal alert on any one of those connections NO longer affects re-use of a sessionid on the others, given the sessionid is managed "by other means". All obligations for sessionid handling are borne by the client, AND these are set to comply with its (non-SSL) agreements with the server. _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls