Re: [TLS] SNI and tickets and resumption

[mrex@sap.com (Martin Rex)]

Brian Sniffen wrote:
> 
> On the other hand, RFC 6066 also says:
> 
>    A server that implements [SNI] MUST NOT accept the request
>    to resume the session if the server_name extension contains a
>    different name.  Instead, it proceeds with a full handshake to
>    establish a new session. 
> 
> It doesn't sound like your server quite does that?

Correct, my server doesn't follow that formally provable invalid wording
above in the spec.  As I said, I only realized this fallacy in the spec
when I implemented it.


TLS session resumption is a performance optimization that happens at
the TLS level.  TLS server endpoint identification and selection/provisioning
of suitable server credentials is a matter of the application on top
of TLS.  Whether and how often the server uses resumption from
the cache or full handshake is the result of the caching&resumption
strategies & lifetimes of client plus server combined.

The purpose of SNI a hint from the client to the server which kind
of server endpoint identification the client is going to perform,
and the server may use that hint in selecting the most appropriate
server certificate.  If a full handshake and a session resumption
will result in the use of the exact same server certificate, then
the Server can freely choose which way to go (resume or full handshake),
provided that the client offers session resumption and the server
is capable of accepting it.


The server endpoint identification performed by the client is
an application-level matter, and ought to be performed independent
of whether a TLS session resumption of a TLS full handshake is performed.


-Martin