[TLS] Re: 【Reply to the comments after the presentation in Montreal】RE: Re: FW: New Version Notification for draft-wang-tls-service-affinity-00.txt
Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> Wed, 28 January 2026 12:22 UTC
To: Aijun Wang <wangaijun@tsinghua.org.cn>
From: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
CC: tls@ietf.org, draft-wang-tls-service-affinity@ietf.org, Mohit Sahni <msahni@paloaltonetworks.com>, Aijun Wang <wangaj3@chinatelecom.cn>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ojnALTAtwV0VSZ50sTKy77rp-vo>
[ Looping back to the point where the question was raised ]
I did some preliminary work for you. It is purely at the TLS layer, i.e.,
I don't consider higher layers like HTTP. It /may/ provide you a way
forward for this particular question.
On 30.12.25 15:40, Eric Rescorla wrote:
> On Tue, Dec 30, 2025 at 2:10 AM Aijun Wang <wangaijun@tsinghua.org.cn>
> wrote:
>
> > If there is data arrival during the switchover, the internal
> > implementation logic is the application layer will call the api of
> > TLS/TCP to send some data, with the same session identifier.
>
> I don't know what you mean by "The same session identifier". There is
> no concept in TLS that two different TCP connections are somehow the
> same conceptual flow of data. PSK identifiers solely identify keys.
The session identifier is a common confusion that arises from TLS 1.2. In
contrast, TLS 1.3 has no session identifiers. It instead has the concept
of a /connection/, and the identifiers of a TLS 1.3 connection are just
implicit. Depending on the specific scenario, the following three keys may
uniquely identify a TLS 1.3 connection:
1. Shared DH secret (g^xy)
2. Handshake secret: In addition to #1, it has randomness from the PSK, if
one is being used (and your draft seems to be using a PSK).
3. Main secret: Secrets derived from this secret have server
authentication, as the handshake transcript up to server Finished is
included.
So depending on your specific scenario, you could replace /session_id/
in /MigrationToken/ by one of those.
Having said that, you have to justify why, for your scenario, you
want to do it within the TLS handshake, because the draft is very confusing
to me -- in terms of its threat model, desired security goals and
protocol (mixing TLS 1.2 and TLS 1.3).
-Usama