Re: [TLS] Re: when is it ok to resume a cached SSL/TLS session
<home_pw@msn.com> Mon, 15 January 2007 16:06 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1H6ULu-0006Ar-Az; Mon, 15 Jan 2007 11:06:30 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H6ULt-0006Am-6V for tls@ietf.org; Mon, 15 Jan 2007 11:06:29 -0500
Received: from bay0-omc3-s34.bay0.hotmail.com ([65.54.246.234]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H6ULq-0001T3-Ke for tls@ietf.org; Mon, 15 Jan 2007 11:06:29 -0500
Received: from hotmail.com ([65.55.131.16]) by bay0-omc3-s34.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Mon, 15 Jan 2007 08:06:26 -0800
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 15 Jan 2007 08:06:25 -0800
Message-ID: <BAY126-DAV649C9E2DAC40983624F6292B50@phx.gbl>
Received: from 70.142.20.165 by BAY126-DAV6.phx.gbl with DAV; Mon, 15 Jan 2007 16:06:24 +0000
X-Originating-IP: [70.142.20.165]
X-Originating-Email: [home_pw@msn.com]
X-Sender: home_pw@msn.com
From: home_pw@msn.com
To: martin.rex@sap.com
References: <20070115154600.A77285C01E@laser.networkresonance.com>
Subject: Re: [TLS] Re: when is it ok to resume a cached SSL/TLS session
Date: Mon, 15 Jan 2007 08:06:23 -0800
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail desktop 8.0.1223
X-MimeOLE: Produced By Microsoft MimeOLE V8.0.1223
X-OriginalArrivalTime: 15 Jan 2007 16:06:25.0754 (UTC) FILETIME=[1BAC63A0:01C738BF]
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 00e94c813bef7832af255170dca19e36
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
>> The server doesn't recognize that session and replies >> with >> a Server Hello containing his highest protocol version, >> plus >> plus server certificate message plus client cert request >> plus >> server hello done. The popular Web Browser closes the >> network >> connection without sending any kind of SSL alert and >> shows >> "Page cannot be displayed" to the user. >> >> >> I firmly believe that this is a conceptual flaw on the >> client >> side, making a flawed assumption about when a cached SSL >> session >> can be expected to be resumable. > > ISTM that there are two issues here: > > 1. Whether the client should have offered asession ID. > 2. Whether it should have choked when the server refused. > > Without taking a position on the first, which I think is > tricky, > the client should definitely not have choked. Servers can > always > refuse to accept a resumption. > > -Ekr I reasoned differently, because this is an https context - there is thus a URL resolver involved. The validity of a secure URL is not the same as the validity of an SSL-named layer 4 TCP port (or SSL-named PPP tunnel connection,....) At the SSL layer, the client sought a session resumption from a named layer 4 port. Session resumption means that the URL resolver at the https layer, however, is based on the client's connection state , not the host/port parsing. This includes the binding of URLs used in session creation, and the URL used in connection establishment (which are allowed to differ) IN the cited case, a server responding from a given layer 4 port of the second URL refused to resume a session (for some reason, like it didn't share session state records with another implementation). It then correctly engaged in a full handshake (with unusual custom pipelining of full handshake messages). The client is entitled to reject the handshake, as in any full/partial rehandshake case. The client uses the conforming option to close the TLS Transport (TCP) rather than perform a close. This is reasonable, given the URL resource showed no knowledge of the sessionid/keying material. --- I exploit the SSL architecture myself, sending server HelloRequests to my clients which respond with a clientHello (with special data in the time/nonce), a server Hello is similarly sent with similar custom time/nonce, which causes the client to finally issue a "sorry no"... alert, non-fatal. My special data happens to be time-synced OTPs (with CR capability, beyond STD 61), generated by a USB smartcard device. Given the flow is occurring over the current connection state (which is running mac'ed in my cipher suite, and each fragment gets DOA semantics from the confidentiality service) I'm adding timing signals to the SSL record_layer essentially. _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Question on Stateless TLS Session Resumption Narayanan, Vidya
- Re: [TLS] Question on Stateless TLS Session Resum… Eric Rescorla
- Re: [TLS] Question on Stateless TLS Session Resum… Lakshminath Dondeti
- Re: [TLS] Question on Stateless TLS Session Resum… Eric Rescorla
- Re: [TLS] Question on Stateless TLS Session Resum… Lakshminath Dondeti
- Re: [TLS] Question on Stateless TLS Session Resum… Eric Rescorla
- Re: [TLS] Question on Stateless TLS Session Resum… Lakshminath Dondeti
- [TLS] when is it ok to resume a cached SSL/TLS se… Martin Rex
- [TLS] when is it ok to resume a cached SSL/TLS se… Martin Rex
- [TLS] Re: when is it ok to resume a cached SSL/TL… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… Martin Rex
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… Martin Rex
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Kyle Hamilton
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Martin Rex
- RE: [TLS] Question on Stateless TLS Session Resum… Narayanan, Vidya
- Re: [TLS] when is it ok to resume a cached SSL/TL… Martin Rex