On Thu, 10 Feb 2005 15:59:04 -0500, Victor Duchovni <[EMAIL PROTECTED]> wrote:
> If the symmetric cypher is fully re-keyed when sessions are resumed
> while avoiding the fresh start PKI overhead, then life is simple
> and sessions can be re-used unmodified. Otherwise I may need to
> ponder on designs for a multi-valued cache.

I don't fully understand how you phrased the question in the two deleted paragraphs, but this one accurately describes the SSL/TLS session cache: it holds a shared secret derived from the original key exchange. For each connection, completely new encryption & authentication keys are derived from this shared secret and per-connection random nonces provided by each party. One session can be safely reused for many connections, either serially or in parallel. The session cache is also write-once: starting a new connection from a session needn't update the cached secret or other parameters.

- Tim

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
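Added example, not part of the original message: a sketch of the per-connection key derivation described in the reply, showing that two connections resumed from one cached master secret get unrelated keys and that resumption only reads the cache. It assumes the TLS 1.2 PRF and key expansion from RFC 5246 (newer than this thread; earlier versions use the same inputs with a different hash construction) and AES_128_CBC_SHA key sizes; `SESSION_CACHE`, `resume` and the cache contents are hypothetical and constructed.

```python
import hashlib
import hmac
import os

def p_sha256(secret, seed, length):
    """P_hash of RFC 5246 section 5, using HMAC-SHA256."""
    out, a = b"", seed                      # a starts as A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def derive_keys(master_secret, client_random, server_random, mac_len=20, key_len=16):
    """RFC 5246 section 6.3 key expansion, sized for AES_128_CBC_SHA."""
    seed = b"key expansion" + server_random + client_random
    block = p_sha256(master_secret, seed, 2 * (mac_len + key_len))
    names = ["client_mac", "server_mac", "client_key", "server_key"]
    sizes = [mac_len, mac_len, key_len, key_len]
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

# Constructed cache entry: session id -> 48-byte master secret (hypothetical layout).
SESSION_CACHE = {b"constructed-session-id": bytes(range(48))}

def resume(session_id, client_random, server_random):
    """Start a connection from a cached session; the cache is only read."""
    master_secret = SESSION_CACHE[session_id]
    return derive_keys(master_secret, client_random, server_random)

if __name__ == "__main__":
    sid = b"constructed-session-id"
    before = dict(SESSION_CACHE)
    conn1 = resume(sid, os.urandom(32), os.urandom(32))
    conn2 = resume(sid, os.urandom(32), os.urandom(32))
    print("keys differ:", all(conn1[k] != conn2[k] for k in conn1))
    print("cache unchanged:", SESSION_CACHE == before)
```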
