Re: [TLS] WGLC for draft-ietf-tls-ticketrequests
"Christopher Wood" <caw@heapingbits.net> Thu, 14 November 2019 17:02 UTC
Return-Path: <caw@heapingbits.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 751DA1208D0
for <tls@ietfa.amsl.com>; Thu, 14 Nov 2019 09:02:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=heapingbits.net header.b=aJkGMihy;
dkim=pass (2048-bit key)
header.d=messagingengine.com header.b=iNanT2B5
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id tgroqH6CNzm0 for <tls@ietfa.amsl.com>;
Thu, 14 Nov 2019 09:02:25 -0800 (PST)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com
[66.111.4.26])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 0A88412096D
for <tls@ietf.org>; Thu, 14 Nov 2019 09:02:24 -0800 (PST)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46])
by mailout.nyi.internal (Postfix) with ESMTP id DE50B20355;
Thu, 14 Nov 2019 12:02:21 -0500 (EST)
Received: from imap4 ([10.202.2.54])
by compute6.internal (MEProxy); Thu, 14 Nov 2019 12:02:21 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net;
h=mime-version:message-id:in-reply-to:references:date:from:to
:cc:subject:content-type; s=fm2; bh=Smi2kTT2RDXjYV3H+Q1MaBZNZSrE
kMSmR+UzlAhARDQ=; b=aJkGMihyEaEUlp57ly1gDqdn7MJfsXycoU7GhA3CfsOA
JNAPFzyC4r1xCo2znL5vU4h/0mEvDVWNzyl9Ew3/HUbLlNbtpEuFYHulRey3u/us
8VrpauvrCdAbGq1WbYKjk1Bb2rDe5BOTOwMx8n0ZuK64nZd60btkd4QPYdL8AL7N
4p5FTPqyczcRJpsuBecOXdhsJ9SSQsYQvV+dQgiQQPwR0m1gC2023QZU9GAwhPeo
yjWi5PFARDbBZgW1V/kc7AwzJPdOR7+oWI8UpeCUxFqO6drONJHCe7prbRxAgyHx
duzVfuvosbuJ1Q0UwfcwaeQPQAtfCGB4EBzqCCVJHw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
messagingengine.com; h=cc:content-type:date:from:in-reply-to
:message-id:mime-version:references:subject:to:x-me-proxy
:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=Smi2kT
T2RDXjYV3H+Q1MaBZNZSrEkMSmR+UzlAhARDQ=; b=iNanT2B5apWT28DrVQ1XKM
ner0H9Z3zLAA2eS2KTz3ea76RLs+6VAENb/ORToHqNNYqNLDp24cCcN7LokiviGs
VVLw/7bJUZnc0jbbwzK27mU/uayV5RM+9HTz5zJKV/0KGAQ46Pte4KB4qyzCDK57
sTQuOzvJhXXdEvL4roGrjNtm/KTYtzxJbD711+wQo54eBqaepiOGm2PnZS3SnkOx
lpuT1RyhVTNEWt3+MuldW1zt3bJ6kycDWM1yEspQWfIWley9dHqdR3PAv8zTKPFv
ly93dcEOYwyJoYH4iIDomBt73LOTAqpv9IWomTRzvvVzKr2yzfDraLWJQLvEPO8g
==
X-ME-Sender: <xms:nYjNXQLJCH5AnGlk3ucfdvs7APYq3rF3qAM01D9EJeHxUp4qdOevxw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedrudeffedgleehucetufdoteggodetrfdotf
fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
cujfgurhepofgfggfkjghffffhvffutgesthdtredtreertdenucfhrhhomhepfdevhhhr
ihhsthhophhhvghrucghohhougdfuceotggrfieshhgvrghpihhnghgsihhtshdrnhgvth
eqnecuffhomhgrihhnpehivghtfhdrohhrghenucfrrghrrghmpehmrghilhhfrhhomhep
tggrfieshhgvrghpihhnghgsihhtshdrnhgvthenucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:nYjNXYIBoXnUR10ESxDbgfIo1QG4r_tnDJI9mk3dUWM6INfzy-somg>
<xmx:nYjNXRVGfcIBfZnQtUGLF2NXMKhqXgXa-4N6fKBLjr4fa-DoxPhMgw>
<xmx:nYjNXc_nlspOhI9G44CXdnKfTwGEGHkm0g9ZatsP_As1vSuOJYdCGw>
<xmx:nYjNXSC3ialeCRCyTLpphmXfgyMOEunY0g84vnbfw_-PwwrqfvtS1Q>
Received: by mailuser.nyi.internal (Postfix, from userid 501)
id 27DB53C00A2; Thu, 14 Nov 2019 12:02:21 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-562-gfd0633a-fmstable-20191114v1
Mime-Version: 1.0
Message-Id: <a21eff42-5f27-45b9-bb15-cb10d07e7b0c@www.fastmail.com>
In-Reply-To: <CADZyTknpHkugotJxKUmSXU=qLrFcxKLe1tKMzd+FqvWTchjMgw@mail.gmail.com>
References: <2FB1D8AD-2C22-4A09-B7AF-0EFD6F0DBACA@sn3rd.com>
<0469b84c-3009-427a-99ca-e7f6817f0b6c@www.fastmail.com>
<CADZyTknhZDi2JD5WRbKEOGDafHjhTkUm6QhOhv1kkA9BT1nekw@mail.gmail.com>
<37ff9a64-2749-4558-a675-5b251f06eb3a@www.fastmail.com>
<CADZyTkkS-CipB00+JMRrjNZqXhyCTdBhV11oydCNCCeG_M6ORg@mail.gmail.com>
<1cd34aff-915e-4f70-8f03-b644dab201c9@www.fastmail.com>
<CADZyTknNN5vXifm3Qu=JnVpC5cD7MRb8xBMSbT9DDB07C4=gPg@mail.gmail.com>
<99300d33-5a29-47e1-88ac-c83d385a9263@www.fastmail.com>
<895cd06a-a75a-45f4-986d-c1eaa7d4c83d@www.fastmail.com>
<CADZyTknpHkugotJxKUmSXU=qLrFcxKLe1tKMzd+FqvWTchjMgw@mail.gmail.com>
Date: Thu, 14 Nov 2019 09:02:00 -0800
From: "Christopher Wood" <caw@heapingbits.net>
To: "Daniel Migault" <daniel.migault@ericsson.com>
Cc: "TLS@ietf.org" <tls@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/nPnJL_-9WBR6aaJI43Agi8MJMgM>
Subject: Re: [TLS] WGLC for draft-ietf-tls-ticketrequests
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working
group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>,
<mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>,
<mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Nov 2019 17:02:27 -0000
On Thu, Nov 14, 2019, at 8:57 AM, Daniel Migault wrote: > Unless I am missing something, the text below seems to say otherwise. > Note: Although the resumption master secret depends on the client's > second flight, a server which does not request client authentication > MAY compute the remainder of the transcript independently and then > send a NewSessionTicket immediately upon sending its Finished rather > than waiting for the client Finished. This might be appropriate in > cases where the client is expected to open multiple TLS connections > in parallel and would benefit from the reduced overhead of a > resumption handshake, for example. Oops again. I only read the first sentence and drew the wrong conclusion. At any time after the server has received the client Finished message, it MAY send a NewSessionTicket message. > > > On Thu, Nov 14, 2019 at 11:52 AM Christopher Wood <caw@heapingbits.net> wrote: > > On Thu, Nov 14, 2019, at 8:48 AM, Christopher Wood wrote: > > > On Thu, Nov 14, 2019, at 8:43 AM, Daniel Migault wrote: > > > > If tickets are sent right after the server Finished, before the the > > > > client Finished, these are only triggered by the clientHello - at least > > > > this is my understanding. > > > > > > Yes, that's correct. I thought your comment was about post-handshake > > > tickets (after confirmation from the client). Adding a note about this > > > pre-handshake completion is fine with me. > > > > Scratch that! I forgot we limited this extension to TLS 1.3, which prohibits sending NSTs until the client finished is received (https://tools.ietf.org/html/rfc8446#section-4.6.1). > > > > Best, > > Chris > > > > _______________________________________________ > > TLS mailing list > > TLS@ietf.org > > https://www.ietf.org/mailman/listinfo/tls
- [TLS] WGLC for draft-ietf-tls-ticketrequests Sean Turner
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Salz, Rich
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Christopher Wood
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Christopher Wood
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Christopher Wood
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Christopher Wood
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Christopher Wood
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Hubert Kario
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Christopher Wood
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Hubert Kario
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Hubert Kario
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Benjamin Kaduk
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Jeremy Harris
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Benjamin Kaduk
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Tommy Pauly
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Tommy Pauly
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests David Schinazi
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Christopher Wood
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests David Schinazi
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests David Schinazi
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Benjamin Kaduk
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Benjamin Kaduk
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Sean Turner
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Hubert Kario
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Salz, Rich
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Salz, Rich
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Watson Ladd
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Hubert Kario
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Watson Ladd
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Tommy Pauly
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Salz, Rich
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Tommy Pauly
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Tommy Pauly
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Stephen Farrell
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Salz, Rich
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Salz, Rich
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Salz, Rich
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Tommy Pauly
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Watson Ladd
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Watson Ladd
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Tommy Pauly
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Tommy Pauly
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Bill Frantz
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Tommy Pauly
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Ben Schwartz
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Ben Schwartz
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Hubert Kario
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Jeremy Harris
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni