Re: [TLS] First TLS cached information draft posted

To: martin.rex at sap.com
Subject: Re: [TLS] First TLS cached information draft posted
From: Simon Josefsson <simon at josefsson.org>
Date: Wed, 10 Jun 2009 23:04:15 +0200
Cc: tls at ietf.org
Delivered-to: tls at core3.amsl.com
In-reply-to: <200906101840.n5AIecJE020341 at fs4113.wdf.sap.corp> (Martin Rex's message of "Wed, 10 Jun 2009 20:40:38 +0200 (MEST)")
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <87bpowaxhj.fsf at mocca.josefsson.org> <200906101840.n5AIecJE020341 at fs4113.wdf.sap.corp>
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.94 (gnu/linux)

Martin Rex <Martin.Rex at sap.com> writes:

> What you could do, is to unconditionally use an additional framing
> for that being-cached parts of the TLS handshake messages for
> for which the Client requested caching in the ClientHelloExtension
> and and the Server acknowledged caching support in the
> ServerHelloExtension.
>
> (I'm not really accustomed to TLS spec language, so please
>  apply common sense / corrections yourself):
>
> enum {
>    original_data(1),
>    hash_over_original_data(2),
>    omitted_hash_over_original_data(3),
>    original_data_and_suggestion_to_not_cache(4),
>    (255)
> } CacheControlContentType;
>
> struct {
>    CacheControlContentType    type;
>    opaque                     content<0..2^16-1>;
> } CacheControlContent;
>
>    
> ...and drop the things that are not needed (but mentioned for completeness)
>
>
> This approach would unconditionally change the (affected) PDU if caching is
> negotiated but hashes do not match (as well).  It facilitates to omit
> the actual hash value at this point in a non-ambiguous fashion
> (the hash should be part of the handshake once, but having it
> three times looks like waste). 

I like this approach, it addresses both your and my original concerns.
Stefan, what do you think?

The resulting protocol is more complex with the above, but given that
the original proposal is unreliable, I think the complexity is warranted
here.

/Simon

Follow-Ups:
- Re: [TLS] First TLS cached information draft posted
  - From: Stefan Santesson
- Re: [TLS] First TLS cached information draft posted
  - From: Stefan Santesson

References:
- Re: [TLS] First TLS cached information draft posted
  - From: Simon Josefsson
- Re: [TLS] First TLS cached information draft posted
  - From: Martin Rex

Prev by Date: Re: [TLS] First TLS cached information draft posted
Next by Date: Re: [TLS] First TLS cached information draft posted
Previous by thread: Re: [TLS] First TLS cached information draft posted
Next by thread: Re: [TLS] First TLS cached information draft posted
Index(es):
- Date
- Thread

Re: [TLS] First TLS cached information draft posted

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.