[TLS] The "other means" of controlling sessionids, master_secrets
<home_pw@msn.com> Sun, 14 January 2007 21:33 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1H6CyW-0003Vr-8s; Sun, 14 Jan 2007 16:33:12 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H6CyU-0003Vm-Pj for tls@ietf.org; Sun, 14 Jan 2007 16:33:10 -0500
Received: from bay0-omc3-s21.bay0.hotmail.com ([65.54.246.221]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H6CyQ-00055Y-5v for tls@ietf.org; Sun, 14 Jan 2007 16:33:10 -0500
Received: from hotmail.com ([65.55.131.20]) by bay0-omc3-s21.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Sun, 14 Jan 2007 13:33:05 -0800
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Sun, 14 Jan 2007 13:33:05 -0800
Message-ID: <BAY126-DAV100103FD81B017F779146392B60@phx.gbl>
Received: from 70.142.20.165 by BAY126-DAV10.phx.gbl with DAV; Sun, 14 Jan 2007 21:33:04 +0000
X-Originating-IP: [70.142.20.165]
X-Originating-Email: [home_pw@msn.com]
X-Sender: home_pw@msn.com
From: home_pw@msn.com
To: tls@ietf.org
Date: Sun, 14 Jan 2007 13:33:02 -0800
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail desktop 8.0.1223
X-MimeOLE: Produced By Microsoft MimeOLE V8.0.1223
X-OriginalArrivalTime: 14 Jan 2007 21:33:05.0393 (UTC) FILETIME=[938E3610:01C73823]
X-Spam-Score: 0.2 (/)
X-Scan-Signature: f607d15ccc2bc4eaf3ade8ffa8af02a0
Cc:
Subject: [TLS] The "other means" of controlling sessionids, master_secrets
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
concerning RFC 4507.
The IESG appears to assert the following:-
"SessionTicket TLS Extension
[...]
If the client possesses a ticket that it wants to use to
resume a
session, then it includes the ticket in the SessionTicket
extension
in the ClientHello. [...]
[...]If the client is not prepared to receive a
ticket in the
NewSessionTicket handshake message then it MUST NOT
include a
SessionTicket extension unless it is sending a non-empty
ticket it
received through some other means from the server."
[http://www.rfc-archive.org/getrfc.php?rfc=4507]
So, I'm assuming (a) a ticket contains a wrapped
master_secret (b) the last clause from above (other means),
c) the TLS transport is EAP-TLS [rfc2716bis-06] cooperating
with PPTP [RFC2637].
Lets now presume that there are 10 current TLS connection
states in the client's cache, all duplicates of an active
sessionid. Once a minute, they each perform a (keying
material refresh) re-handshake citing their ticket generated
by the server, and communicated on the n-1th handshake.
(This "ticket" seems to be a variation of SSL3 fortezza_dms
model for communicating (stateless) wrapped master_keys from
the client endpoint to the loadbalancer)
Lets also presume that it is conforming for TLS endpoints to
NEVER NEED TO DO a "full handshake", to establish a given
sessionid. That is, we exploited assumption (b). The
assumption means that the sessionid name and the wrapped
master_secret value are managed by some proprietary key
distribution protocol tuned to the nature of the TLS
transport, in question. Presumably in TLS1.2 the ciphersuite
designer specifes a suitable KDF, similarly, to generate
suitable amounts of keying material for the nature of the
fragment transport.
Presumably, a fatal alert on any one of those connections NO
longer affects re-use of a sessionid on the others, given
the sessionid is managed "by other means". All obligations
for sessionid handling are borne by the client, AND these
are set to comply with its (non-SSL) agreements with the
server.
_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls