On 02/23/2016 11:42 AM, Nick Sullivan wrote: > My proposed change is to change the session ticket lifetime hint to a > strict lifetime along the lines of the ServerConfiguration: >
But leave it as a relative time, contrasting the absolute expiration time of the server configuration -- why not go for full-out parallelism? -Ben > ticket_lifetime > Indicates the lifetime in seconds as a 32-bit unsigned integer in > network byte order from the time of ticket issuance. Servers MUST NOT > use any value more than 604800 seconds (7 days). The value of zero > indicates that the ticket should be discarded immediately. Clients > MUST NOT cache session tickets for longer than 7 days, regardless of > the ticket_lifetime. It MAY delete the ticket earlier based on local > policy. A server MAY treat a ticket as valid for a shorter period of > time than what is stated in the ticket_lifetime. > > The full change is on Github as a pull request: > https://github.com/tlswg/tls13-spec/pull/424 > <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_tlswg_tls13-2Dspec_pull_424&d=CwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=sssDLkeEEBWNIXmTsdpw8TZ3tAJx-Job4p1unc7rOhM&m=S4CFPnNBaB7swATOHOzQkIlnUwgvBaVelRwg-VJzz-g&s=IsvSLMYBUZf_IWLI_bWWg7vpIQk-qSFCzIvsMw7in_I&e=>
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
