On Thursday, 3 October 2019 05:44:27 CEST Viktor Dukhovni wrote: > > On Oct 2, 2019, at 11:20 PM, Christopher Wood <c...@heapingbits.net> wrote: > > > > Asking for one upon resumption seems reasonable to me. Thanks to you and > > Viktor for bringing up this case! > Thanks! Much appreciated. > > My other point, which I probably obscured in too many words, is > that a client that prefers to re-use existing tickets, would > normally want to ask for 0 new tickets, but this should not > necessarily preclude the server from issuing one *as needed* > (STEK rollover, ...). > > So there is a difference between a signal that tickets > are simply not wanted, vs. wanted only *as needed*. > > Do you have any thoughts on how a client might signal this? > > The use-case is clients and servers that don't make use of > early-data, and don't need to avoid traffic analysis. For > example, MTA-to-MTA traffic, where the client even identifies > in clear text with "EHLO". Here ticket reuse is the norm, > and renewal is only needed as tickets age. > > [ I hope I managed an suitably concise description this time... ]
Well, the client doesn't have any feedback from server that the server supports this extension so it will need to be able to handle tickets anyway. It can't use this extension to disable sending of tickets. now, we may say in the text, that's it's recommended for the server to still send them in case of resumption and STEK rollover of PHA, but I'm not sure if we're not too far into the weeds... -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls