Re: [TLS] Unifying tickets and sessions

Manuel Pégourié-Gonnard <mpg@polarssl.org> Tue, 21 October 2014 19:20 UTC

Message-ID: <5446B20B.4030007@polarssl.org>
Date: Tue, 21 Oct 2014 21:20:43 +0200
From: Manuel Pégourié-Gonnard <mpg@polarssl.org>
To: Martin Thomson <martin.thomson@gmail.com>, "Richard Fussenegger, BSc" <richard@fussenegger.info>
References: <2A0EFB9C05D0164E98F19BB0AF3708C71D3A8C48AF@USMBX1.msg.corp.akamai.com> <5445775E.3050108@fussenegger.info> <54458113.1050304@polarssl.org> <20141020235832.GK19158@mournblade.imrryr.org> <544606E5.2070807@fussenegger.info> <CABkgnnXGW_6+AxkrLHicBXV+CPtr89w2FyGdB1+CwsS1B8y6OQ@mail.gmail.com>
In-Reply-To: <CABkgnnXGW_6+AxkrLHicBXV+CPtr89w2FyGdB1+CwsS1B8y6OQ@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/wJu5uU918ItIb45xjsC9EHbr8Co
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Unifying tickets and sessions

On 21/10/2014 09:27, Martin Thomson wrote:
> On 21 October 2014 00:10, Richard Fussenegger, BSc
> <richard@fussenegger.info> wrote:
>> The idea of using a key length of at least the 'highest supported
>> ciphers'[*] sounds very good to me
> 
> There is no technical reason that you would want a minimum length on
> the ticket.  If you are using stateful resumption, a ticket of "1" or
> "2" is perfectly sufficient.
> 
I think there's a misunderstanding here: it's about the size of the *key* used to
encrypt the ticket in case it's an actual ticket (as opposed to the more
general "token" notion).

Manuel.