IETF Logo Mail Archive

Re: [TLS] draft-ietf-tls-session-hash-04 and session resumption

mrex@sap.com (Martin Rex) Wed, 15 April 2015 01:53 UTC

Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3FE01B3095 for <tls@ietfa.amsl.com>; Tue, 14 Apr 2015 18:53:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.551
X-Spam-Level:
X-Spam-Status: No, score=-6.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dtkVMq8fEwKb for <tls@ietfa.amsl.com>; Tue, 14 Apr 2015 18:53:16 -0700 (PDT)
Received: from smtpde02.smtp.sap-ag.de (smtpde02.smtp.sap-ag.de [155.56.68.140]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B60DB1B3094 for <tls@ietf.org>; Tue, 14 Apr 2015 18:53:15 -0700 (PDT)
Received: from mail05.wdf.sap.corp (mail05.sap.corp [194.39.131.55]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtpde02.smtp.sap-ag.de (Postfix) with ESMTPS id 49053445D8; Wed, 15 Apr 2015 03:53:13 +0200 (CEST)
X-purgate-ID: 152705::1429062793-000007DF-8D45F0EC/0/0
X-purgate-size: 849
X-purgate: clean
X-purgate: This mail is considered clean (visit http://www.eleven.de for further information)
X-purgate-Ad: Categorized by eleven eXpurgate (R) http://www.eleven.de
X-purgate-type: clean
Received: from ld9781.wdf.sap.corp (ld9781.wdf.sap.corp [10.21.82.193]) by mail05.wdf.sap.corp (Postfix) with ESMTP id 3D16842E3A; Wed, 15 Apr 2015 03:53:13 +0200 (CEST)
Received: by ld9781.wdf.sap.corp (Postfix, from userid 10159) id 357751B28A; Wed, 15 Apr 2015 03:53:13 +0200 (CEST)
In-Reply-To: <147002D3-4F04-4895-8826-C9FE3664D6BA@gmail.com>
To: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Wed, 15 Apr 2015 03:53:13 +0200
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20150415015313.357751B28A@ld9781.wdf.sap.corp>
From: mrex@sap.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/nvdp__W37fVqAxxrDqAwYJmXRBQ>
Cc: "tls@ietf.org" <tls@ietf.org>, Bill Cox <waywardgeek@google.com>
Subject: Re: [TLS] draft-ietf-tls-session-hash-04 and session resumption
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Apr 2015 01:53:17 -0000

Karthikeyan Bhargavan wrote:
> How about the following:
>       If the original session did not use an extended master secret but
>       the new ClientHello does contain the "extended_master_secret"
>       extension, the server MUST fall back to a full handshake by
>       sending a ServerHello that rejects session resumption and offers a
>       new session.

Too complicated for my taste.  I do not see a need for words like
fallback and reject, and these actually do not exist in the TLS protocol.


     If the original session did not use an extended master secret but
     the new ClientHello does contain the "extended_master_secret"
     extension, the server MUST perform a full handshake to negotiate
     a new session (i.e. the server MUST NOT perform an abbreviated
     handshake aka session resume).


-Martin

v2.23.0 | Report a Bug | By Email