Re: [TLS] Questions about TLS Server Name Indication extension

To: tls at ietf.org
Subject: Re: [TLS] Questions about TLS Server Name Indication extension
From: Nelson B Bolyard <nelson at bolyard.me>
Date: Wed, 28 Oct 2009 16:26:05 -0700
Cc: Alexei.Volkov at sun.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <e8c553a60910281230t56e5ebf1w861174cd6bc10ebb at mail.gmail.com>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Organization: Network Security Services
References: <E1N32Q4-00072H-J3 at wintermute01.cs.auckland.ac.nz> <4AE880CA.3060902 at bolyard.me> <e8c553a60910281230t56e5ebf1w861174cd6bc10ebb at mail.gmail.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.9.1b1pre) Gecko/20081004 NOT Firefox/2.0 SeaMonkey/2.0a2pre

On 2009-10-28 12:30 PDT, Wan-Teh Chang wrote:
> On Wed, Oct 28, 2009 at 10:35 AM, Nelson B Bolyard <nelson at bolyard.me> wrote:
>> In the context of a physical server acting as multiple virtual server,
>> is the space of session IDs coming from that server a single space that
>> encompasses all the sessions for all the virtual servers served by that
>> physical server?  Or does each virtual server have its own separate space?
>>
>> If each virtual server has its own separate session ID space, then when
>> attempting to "resume" or "restart" a TLS session, the client hello MUST
>> bear an SNI extension to inform the physical server which virtual server's
>> session ID space contains the given session ID, and each virtual server
>> potentially has its own separate session store/cache.
> 
> When attempting to resume a TLS session, the client hello must
> bear an SNI extension for another reason: it's not guaranteed that
> the server will accept the request to resume the session.  This issue
> is discussed in Section 2.3 of the TLS extensions RFC 3546.  (The
> RFC uses SHOULD instead of MUST.)
> 
>> OTOH, if there is a single session ID space for the entire physical server
>> covering all the virtual servers, then each cached session must record and
>> identify the virtual server with which it is associated.

There's another issue that arises with both the SNI extension and a single
session ID space for the entire physical server.  Which takes precedence?

Consider this scenario:
Physical host has two virtual hosts, A and B.
First handshake:
  client sends SNI with host name A, empty session ID.
  server does full handshake, session ID 1.
Second handshake (renegotiation):
  client sends SNI with host name B and session ID 1,

Session ID 1 implicitly identifies host A.

The server could
A)  Honor the session ID and ignore the SNI.
B)  Compare the host name in the SNI with the host name for session ID 1,
    observe the mismatch, and do a new FULL handshake for host B.
C)  Compare the host name in the SNI with the host name for session ID 1,
    observe the mismatch, and return a fatal error alert.

RFC 5246 seems to suggest choice A.  It says:

   Most current TLS extensions are relevant only
   when a session is initiated: when an older session is resumed, the
   server does not process these extensions in Client Hello, and does
   not include them in Server Hello.

But I tend to lean towards choice B myself.

What do other SNI server implementations do in this case?

Follow-Ups:
- Re: [TLS] Questions about TLS Server Name Indication extension
  - From: Martin Rex
- Re: [TLS] Questions about TLS Server Name Indication extension
  - From: Wan-Teh Chang
- Re: [TLS] Questions about TLS Server Name Indication extension
  - From: Michael Gray

References:
- Re: [TLS] Questions about TLS Server Name Indication extension
  - From: Nelson B Bolyard
- Re: [TLS] Questions about TLS Server Name Indication extension
  - From: Wan-Teh Chang

Prev by Date: Re: [TLS] Questions about TLS Server Name Indication extension
Next by Date: Re: [TLS] Questions about TLS Server Name Indication extension
Previous by thread: Re: [TLS] Questions about TLS Server Name Indication extension
Next by thread: Re: [TLS] Questions about TLS Server Name Indication extension
Index(es):
- Date
- Thread

Re: [TLS] Questions about TLS Server Name Indication extension

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.