Re: [TLS] Extensions and session resumption
At Sat, 3 May 2008 13:09:03 +0200 (CEST),
badra at isima.fr wrote:
>
> > It's late, so I might be missing something, but I
> > can't find any information about what clients and
> > servers should put into hello extensions when they
> > intend to resume a previous session.
>
>
> In [RFC4366] section 3:
>
> If the resumption request is denied, the use of the extensions is
> negotiated as normal.
>
> If, on the other hand, the older session is resumed, then the
> server MUST ignore the extensions and send a server hello
> containing none of the extension types. In this case, the
> functionality of these extensions negotiated during the original
> session initiation is applied to the resumed session.
>
>
> > My code wants at least the server name extension
> > to be in the client hello in order for the server
> > to easily find the cached session (since you can
> > set up multiple session caches). But it also makes
> > some sense to require the inclusion of truncated
> > HMAC, for example.
>
> I think this is not possible with the current specifications (the *MUST*
> in the text above). Instead, this could be done using a local mapping.
Yes. Put an indicator in the session_id of which cache you wish to
use if you have more than one.
-Ekr
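
One way to implement the cache indicator suggested in the reply above, together with the RFC 4366 resumption rule quoted in the thread. This is an added example, not code from any poster; the one-byte tag layout, the class and function names, and the `SUPPORTED` set are assumptions made for illustration.

```python
import secrets

SESSION_ID_LEN = 32                              # TLS session_id is at most 32 bytes
SUPPORTED = {"server_name", "truncated_hmac"}    # assumed server capabilities

class SessionCacheRouter:
    """Several session caches, selected by a one-byte tag leading the session_id."""

    def __init__(self, cache_names):
        if len(cache_names) > 256:
            raise ValueError("tag is a single byte")
        self._tags = {name: i for i, name in enumerate(cache_names)}
        self._caches = [dict() for _ in cache_names]

    def new_session(self, cache_name, negotiated_extensions):
        tag = self._tags[cache_name]
        # The tag travels in the clear and is client-supplied on resumption, so it
        # is only a routing hint; the remaining 31 bytes stay random.
        sid = bytes([tag]) + secrets.token_bytes(SESSION_ID_LEN - 1)
        self._caches[tag][sid] = frozenset(negotiated_extensions)
        return sid

    def lookup(self, session_id):
        """Return the stored extensions, or None to deny resumption."""
        if len(session_id) != SESSION_ID_LEN or session_id[0] >= len(self._caches):
            return None
        return self._caches[session_id[0]].get(session_id)

def handle_client_hello(router, session_id, hello_extensions, default_cache):
    """Return (resumed, session_id, ServerHello extensions, extensions in effect)."""
    stored = router.lookup(session_id)
    if stored is not None:
        # Resumed: ignore the hello extensions, echo none, reuse the original set.
        return True, session_id, frozenset(), stored
    # Denied: negotiate as normal and open a new session in the default cache.
    agreed = frozenset(hello_extensions) & SUPPORTED
    return False, router.new_session(default_cache, agreed), agreed, agreed
```
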
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.