Thanks for the response - yes, I do understand I'm re-purposing this mechanism 
in a creative way. At this time, it's just for experimental purposes.

On 4/3/18, 5:34 PM, "Viktor Dukhovni" <vik...@dukhovni.org> wrote:

    
    
    > On Apr 3, 2018, at 11:00 AM, Henderson, Karl via openssl-users <openssl-users@openssl.org> wrote:
    > 
    > I know there may be a million reasons people can tell me not to do this, but for some demo code, I need to have a client contact a server with an RFC5077 ticket (not one previously sent from the server) with a proprietary payload in the IV. I’d like to use the key_name in the ticket to get a key. And then I’d like to use this and create a valid context and hmac so that I can have a 0-RTT startup.
    
    This is too sketchy to provide a meaningful response.  Session tickets are a mechanism for a server to *export* its session state to clients, allowing the server to do stateless session resumption.  They are not a mechanism for anything else, and other uses are likely to be fragile, and possibly insecure.  Too much creativity here is risky.
    
    > Are there any good examples on how this might be done?
    
    Probably not.
    
    -- 
        Viktor.
    
    

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
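
Added example, not part of the thread and not OpenSSL code: a server-side check of the ticket layout recommended in RFC 5077 section 4 (key_name, IV, length-prefixed encrypted_state, HMAC-SHA-256 over everything before the MAC), showing that the IV is authenticated and that a ticket is only accepted when it carries a MAC made with a key the server holds. The function names, the key table and the sample values are assumptions constructed for illustration, and the encrypted state is treated as opaque (no decryption is done).

```python
import hashlib
import hmac
import struct

KEY_NAME_LEN, IV_LEN, MAC_LEN = 16, 16, 32
HEADER_LEN = KEY_NAME_LEN + IV_LEN + 2  # key_name + iv + 2-byte state length


def build_ticket(key_name, iv, encrypted_state, mac_key):
    """Frame a ticket in the RFC 5077 section 4 layout and append its MAC."""
    body = key_name + iv + struct.pack("!H", len(encrypted_state)) + encrypted_state
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def verify_ticket(ticket, mac_keys):
    """Return (key_name, iv, encrypted_state) if authentic, else None.

    mac_keys maps key_name -> HMAC key known only to the server. A None
    result means the server should fall back to a full handshake.
    """
    if len(ticket) < HEADER_LEN + MAC_LEN:
        return None
    key_name = ticket[:KEY_NAME_LEN]
    iv = ticket[KEY_NAME_LEN:KEY_NAME_LEN + IV_LEN]
    (state_len,) = struct.unpack("!H", ticket[HEADER_LEN - 2:HEADER_LEN])
    if len(ticket) != HEADER_LEN + state_len + MAC_LEN:
        return None  # length field disagrees with the actual ticket size
    mac_key = mac_keys.get(key_name)
    if mac_key is None:
        return None  # key_name does not select a key this server holds
    body, mac = ticket[:-MAC_LEN], ticket[-MAC_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        return None
    return key_name, iv, ticket[HEADER_LEN:HEADER_LEN + state_len]


# Constructed sample values, not real keys or real ticket contents.
SERVER_KEYS = {b"demo-key-name-01": b"\x11" * 32}
SAMPLE = build_ticket(b"demo-key-name-01", b"\xaa" * 16, b"opaque-state", b"\x11" * 32)

if __name__ == "__main__":
    print(verify_ticket(SAMPLE, SERVER_KEYS))
```
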
