The PNG may be too large to open from some mail systems. Here is the PDF version. BTW, I also made an update on the use of the AEAD algorithm with additional data.
Thanks, Xuelei
distributed_credential_protection.pdf
> On Oct 23, 2020, at 8:58 AM, Xuelei Fan <xuelei....@oracle.com> wrote:
>
> Hi,
>
> I'm working on the JEP to improve the scalability and throughput of the TLS
> implementation, by supporting distributed session resumption across clusters
> of computers.
>
> TLS session tickets will be used for session resumption in a cluster. To support
> distributed session resumption, a session ticket that is generated and
> protected in one server node must be usable for session resumption on other
> server nodes in the distributed system. Each node should use the same session
> ticket structure, and share the secrets that are used to protect session
> tickets. For more details, please refer to the JEP:
> https://bugs.openjdk.java.net/browse/JDK-8245551
>
> It is an essential part of the implementation that we need to define a session
> ticket protection scheme. The scheme will support key generation, key
> rotation and key synchronization across clusters of computers.
>
> The attached doc_distributed_credential_protection.md is a markdown file,
> which may not be easy to read. So I attached a rendered picture as well.
>
> Please let me know if you have any concerns. Any comments are welcome.
>
> Thanks,
> Xuelei
> <distributed-credentials.png><doc_distributed_credential_protection.md>