Re: [TLS] Resumption ticket/PSK

Martin Thomson <martin.thomson@gmail.com> Thu, 19 May 2016 20:37 UTC

To: "tls@ietf.org" <tls@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/rNBqGGHSdYeyijLqjSw1AREs7SM>

On 19 May 2016 at 16:01, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
> Nevertheless, some clients may want to attempt to gain fine-grained
> protection against correlating back to back or parallel resumption
> requests.  For this they'd have to ensure that all session tickets
> are single use, and either perform new handshakes when increasing
> the number of parallel connections to the server, or somehow obtain
> more than one ticket within a single session.

I believe that this is the intent of the PR.  I've suggested an
alternative wording that cleaves closer to your text above.
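
The client policy described in the quoted text (every ticket single use, a new handshake when no unused ticket is left), as an added example that is not code from this thread, the PR, or any TLS library. The names `SingleUseTicketPool`, `plan_connections` and `linkable_pairs`, the server name and the ticket bytes are all hypothetical and constructed for illustration.

```python
import time
from collections import defaultdict

class SingleUseTicketPool:
    """Client-side ticket store: a ticket is forgotten the moment it is offered."""
    def __init__(self):
        self._tickets = defaultdict(list)   # server name -> [(expiry, ticket bytes)]

    def store(self, server, ticket, lifetime_s, now=None):
        now = time.time() if now is None else now
        self._tickets[server].append((now + lifetime_s, ticket))

    def take(self, server, now=None):
        """Return an unexpired ticket and drop it, or None (caller does a full handshake)."""
        now = time.time() if now is None else now
        pool = self._tickets[server]
        while pool:
            expiry, ticket = pool.pop()
            if expiry > now:
                return ticket
        return None

def plan_connections(pool, server, count, now=None):
    """Decide, per parallel connection, whether to resume or to handshake afresh."""
    plan = []
    for _ in range(count):
        ticket = pool.take(server, now)
        plan.append(("resume", ticket) if ticket else ("full_handshake", None))
    return plan

def linkable_pairs(plan):
    """Count connection pairs a passive observer can tie together by identical ticket bytes."""
    seen = [t for kind, t in plan if kind == "resume"]
    return sum(1 for i in range(len(seen))
               for j in range(i + 1, len(seen)) if seen[i] == seen[j])

def demo():
    pool = SingleUseTicketPool()
    # Constructed sample: the server issued two tickets within a single session.
    pool.store("example.test", b"constructed-ticket-A", lifetime_s=3600, now=0)
    pool.store("example.test", b"constructed-ticket-B", lifetime_s=3600, now=0)
    single_use = plan_connections(pool, "example.test", 3, now=10)
    # Contrast: a client that offers the same ticket on all three connections.
    reused = [("resume", b"constructed-ticket-A")] * 3
    return single_use, linkable_pairs(single_use), linkable_pairs(reused)

if __name__ == "__main__":
    print(demo())
```

With two tickets and three parallel connections, the third connection falls back to a full handshake, which is the cost the quoted text points out.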