Re: [TLS] Unifying tickets and sessions

Richard Fussenegger <richard@fussenegger.info> Thu, 23 October 2014 22:39 UTC

Message-ID: <5449837C.7080305@fussenegger.info>
Date: Fri, 24 Oct 2014 00:38:52 +0200
From: Richard Fussenegger <richard@fussenegger.info>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: tls@ietf.org
References: <2A0EFB9C05D0164E98F19BB0AF3708C71D3A8C48AF@USMBX1.msg.corp.akamai.com> <CAK3OfOj9bZcSDdWhHGeGT0STg6XBkYaExW+rQFN-FFE4oaPLrw@mail.gmail.com> <54483C33.4000702@polarssl.org> <11886639.VyNDkQ3oKj@pintsize.usersys.redhat.com> <54493904.7010807@fussenegger.info> <20141023174537.GW19158@mournblade.imrryr.org> <5449463D.7080904@fussenegger.info> <20141023183637.GX19158@mournblade.imrryr.org> <03546F3D-816C-481A-A577-9797855A9DED@pahtak.org> <20141023200134.GY19158@mournblade.imrryr.org>
In-Reply-To: <20141023200134.GY19158@mournblade.imrryr.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms010509010801050004050608"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/mgXfV8AdJ-q_cIK5nyEpz5jTv_Q
Subject: Re: [TLS] Unifying tickets and sessions
Precedence: list

On 10/23/2014 10:01 PM, Viktor Dukhovni wrote:
> On Thu, Oct 23, 2014 at 03:35:59PM -0400, Stephen Checkoway wrote:
>
>> On Oct 23, 2014, at 2:36 PM, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
>>
>>> The number of key sets is irrelevant, all that matters is how long
>>> each one is retained.  Postfix defaults to 2 hours (1 hour encrypt
>>> and 1 hour decrypt).  With N keysets, you'd have (T encrypt, (N-1)*T
>>> decrypt).
>> This seems perfectly reasonable (both for general N and for
>> specific N = 2 or N = 3). But does it make any difference from a
>> protocol perspective? The only way a client could tell if a server
>> is doing something wrong is if the client knows the upper limit on
>> the ticket's validity  NT and sends a ticket after that time which
>> the server accepts.
> OpenSSL at least enforces the N*T time-limit on sessions, and in
> case would not be able to decrypt a session ticket whose key has
> been discarded.  So Postfix sets 2*T as the session lifetime, and
> as a result if a session ticket is decrypted the session will not
> be accepted.

With N = 2 your tickets are either T or 2 * T, depending on the time the 
client received the ticket. The client sends the ticket to the server 
expecting to continue were it left of but instead ends up with a full 
new handshake because the ticket is rejected, although the lifetime 
indicates that it's valid. (Of course no big deal.)

With N = 3 your ticket is always 2 * T, no matter when the client 
received the ticket. I tried to illustrate that in my simple drawing[1] 
and its the reasoning behind 3 key sets.

That's also were I see the difference for the protocol because all 
clients are treated equally in terms of ticket lifetime and can trust 
that they aren't storing garbage tickets (assuming it was configured 
correctly, but that could be handled by the library).

Richard

[1] http://pastebin.com/1iAatbWm

Attachment: smime.p7s

[TLS] Unifying tickets and sessions Salz, Rich
Re: [TLS] Unifying tickets and sessions Richard Fussenegger, BSc
Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
Re: [TLS] Unifying tickets and sessions Brian Smith
Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
Re: [TLS] Unifying tickets and sessions Martin Thomson
Re: [TLS] Unifying tickets and sessions Brian Smith
Re: [TLS] Unifying tickets and sessions Salz, Rich
Re: [TLS] Unifying tickets and sessions Salz, Rich
Re: [TLS] Unifying tickets and sessions Richard Fussenegger, BSc
Re: [TLS] Unifying tickets and sessions Martin Thomson
Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions David Leon Gil
Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
Re: [TLS] Unifying tickets and sessions Hubert Kario
Re: [TLS] Unifying tickets and sessions David Leon Gil
Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
Re: [TLS] Unifying tickets and sessions Ryan Carboni
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Nico Williams
Re: [TLS] Unifying tickets and sessions Ryan Carboni
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Nico Williams
Re: [TLS] Unifying tickets and sessions Nico Williams
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Salz, Rich
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
Re: [TLS] Unifying tickets and sessions Martin Thomson
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Aaron Zauner
Re: [TLS] Unifying tickets and sessions Hubert Kario
Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
Re: [TLS] Unifying tickets and sessions Hubert Kario
Re: [TLS] Unifying tickets and sessions Aaron Zauner
Re: [TLS] Unifying tickets and sessions Douglas Stebila
Re: [TLS] Unifying tickets and sessions Blumenthal, Uri - 0558 - MITLL
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Nico Williams
Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Stephen Checkoway
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Hubert Kario
Re: [TLS] Unifying tickets and sessions Joseph Salowey
Re: [TLS] Unifying tickets and sessions Hubert Kario
Re: [TLS] Unifying tickets and sessions Daniel Kahn Gillmor
Re: [TLS] Unifying tickets and sessions Nico Williams
Re: [TLS] Unifying tickets and sessions Daniel Kahn Gillmor
Re: [TLS] Unifying tickets and sessions David Leon Gil

Re: [TLS] Unifying tickets and sessions

Attachment: smime.p7s