Re: [TLS] First TLS cached information draft posted




Thanks for all the analysis and proposals.

Unfortunately I have been on constant travel and meetings since Monday
morning and it is not over until tomorrow night when I get home again.

I will go through this more carefully then and get back to you no later than
Monday.

/Stefan

On 09-06-10 11:04 PM, "Simon Josefsson" <simon at josefsson.org> wrote:

> Martin Rex <Martin.Rex at sap.com> writes:
> 
>> What you could do, is to unconditionally use an additional framing
>> for the being-cached parts of the TLS handshake messages for
>> which the Client requested caching in the ClientHelloExtension
>> and the Server acknowledged caching support in the
>> ServerHelloExtension.
>> 
>> (I'm not really accustomed to TLS spec language, so please
>>  apply common sense / corrections yourself):
>> 
>> enum {
>>    original_data(1),
>>    hash_over_original_data(2),
>>    omitted_hash_over_original_data(3),
>>    original_data_and_suggestion_to_not_cache(4),
>>    (255)
>> } CacheControlContentType;
>> 
>> struct {
>>    CacheControlContentType    type;
>>    opaque                     content<0..2^16-1>;
>> } CacheControlContent;
>> 
>> ...and drop the things that are not needed (but mentioned for completeness)
>> 
>> 
>> This approach would unconditionally change the (affected) PDU if caching is
>> negotiated but hashes do not match (as well).  It makes it possible to omit
>> the actual hash value at this point in a non-ambiguous fashion
>> (the hash should be part of the handshake once, but having it
>> three times looks like waste).
> 
> I like this approach; it addresses both your and my original concerns.
> Stefan, what do you think?
> 
> The resulting protocol is more complex with the above, but given that
> the original proposal is unreliable, I think the complexity is warranted
> here.
> 
> /Simon
> _______________________________________________
> TLS mailing list
> TLS at ietf.org
> https://www.ietf.org/mailman/listinfo/tls
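As an added illustration of the framing Martin proposes above (this is example code written for this archive page, not code from the cached-info draft, from Martin, Simon or Stefan, or from any TLS implementation), the block below encodes and decodes a CacheControlContent and shows the server choosing a type and the client resolving it. It assumes the usual TLS presentation-language wire encoding (a one-byte enum, a two-byte length prefix for opaque<0..2^16-1>), SHA-256 as the cache hash since the thread names no hash function, and a client cache keyed by hash; the function names are mine.

```python
"""CacheControlContent framing from the thread, as a constructed example.

Assumptions (not stated in the thread): enum encoded as one byte, the
opaque<0..2^16-1> field as a 2-byte big-endian length plus bytes, and
SHA-256 as the hash the client offered in its ClientHello extension.
"""
import hashlib
import struct
from typing import Dict, Optional, Tuple

# CacheControlContentType values from the proposal
ORIGINAL_DATA = 1
HASH_OVER_ORIGINAL_DATA = 2
OMITTED_HASH_OVER_ORIGINAL_DATA = 3
ORIGINAL_DATA_AND_SUGGESTION_TO_NOT_CACHE = 4
_KNOWN_TYPES = {1, 2, 3, 4}


def cache_hash(data: bytes) -> bytes:
    """Hash the client would have offered for a cached handshake message (assumed SHA-256)."""
    return hashlib.sha256(data).digest()


def encode(ctype: int, content: bytes) -> bytes:
    """Serialize one CacheControlContent: type byte, 2-byte length, content."""
    if ctype not in _KNOWN_TYPES:
        raise ValueError("unknown CacheControlContentType %d" % ctype)
    if len(content) > 0xFFFF:
        raise ValueError("content exceeds opaque<0..2^16-1>")
    return struct.pack("!BH", ctype, len(content)) + content


def decode(buf: bytes) -> Tuple[int, bytes, bytes]:
    """Parse one CacheControlContent; return (type, content, remaining bytes)."""
    if len(buf) < 3:
        raise ValueError("truncated CacheControlContent header")
    ctype, length = struct.unpack("!BH", buf[:3])
    if ctype not in _KNOWN_TYPES:
        raise ValueError("unknown CacheControlContentType %d" % ctype)
    if len(buf) < 3 + length:
        raise ValueError("truncated CacheControlContent body")
    return ctype, buf[3:3 + length], buf[3 + length:]


def server_frame(data: bytes, client_hash: Optional[bytes],
                 omit_hash: bool = False, discourage_cache: bool = False) -> bytes:
    """Server side: pick the type from whether the client's offered hash matches.

    A mismatch (or no offer) always yields the full data, so the framing is
    unambiguous either way, which is the point of the proposal.
    """
    if client_hash is not None and client_hash == cache_hash(data):
        if omit_hash:
            # hash already travelled in the ClientHello; do not repeat it
            return encode(OMITTED_HASH_OVER_ORIGINAL_DATA, b"")
        return encode(HASH_OVER_ORIGINAL_DATA, client_hash)
    if discourage_cache:
        return encode(ORIGINAL_DATA_AND_SUGGESTION_TO_NOT_CACHE, data)
    return encode(ORIGINAL_DATA, data)


def client_resolve(frame: bytes, cache: Dict[bytes, bytes],
                   sent_hash: Optional[bytes]) -> Tuple[bytes, bool]:
    """Client side: recover the handshake data; return (data, should_cache)."""
    ctype, content, rest = decode(frame)
    if rest:
        raise ValueError("trailing bytes after CacheControlContent")
    if ctype == ORIGINAL_DATA:
        return content, True
    if ctype == ORIGINAL_DATA_AND_SUGGESTION_TO_NOT_CACHE:
        return content, False
    if ctype == HASH_OVER_ORIGINAL_DATA:
        h = content
    else:  # OMITTED: the hash is the one this client sent in its ClientHello
        if sent_hash is None:
            raise ValueError("server omitted the hash but no hash was offered")
        h = sent_hash
    if h not in cache:
        raise ValueError("server referenced data this client never cached")
    data = cache[h]
    if cache_hash(data) != h:  # defensive re-check of the local cache entry
        raise ValueError("local cache entry does not match its hash")
    return data, True


if __name__ == "__main__":
    cert = b"constructed certificate bytes"  # constructed sample, not a real cert
    h = cache_hash(cert)
    frame = server_frame(cert, h)
    print(client_resolve(frame, {h: cert}, h))
```

The client-side resolver rejects a frame that references a hash it does not hold rather than silently continuing, which is the failure the explicit type field is meant to make detectable.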
