On Sat, Nov 16, 2019 at 03:59:53PM -0800, Benjamin Kaduk wrote:
> > That also works, effectively treat 0xff as "-1", but all other
> > values as non-negative, with 0 a request for re-use. An isomorphic
> > encoding, but without the "-1".
>
> [Jeremy had a more eloquent description of the vague sketch of an idea that I
> had in my head]
Jeremy's "isomorphic" encoding works fine for me, and is likely less confusing.
So, FWIW, it has my support. Fleshing it out a bit more, I am proposing:
  - 0xff => send no tickets
  - 0x00 => reuse requested:
    + send no tickets if presented ticket is accepted and reusable
    + send one ticket if presented ticket is accepted, but is not reusable
      (expired, or reuse is not allowed).
    + Also send one ticket if session could not be resumed and a full
      handshake was performed. Clients that reuse tickets don't need a
      separate one for each session, so one per full handshake should
      suffice.
  - 0x01-0xfe => client wants single-use tickets:
    + send up to that many tickets on full handshake,
    + however, generally send just 1 ticket on resumption, or when
      replacing tickets during long-lived connections. This helps to
      reduce chronic ticket "oversupply".
--
Viktor.
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
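The server-side decision that the proposal above describes, written out as an added example (my own code, not from the thread, the draft, or any TLS stack). It decodes the one-byte ticket_request value with 0xff standing in for "-1" and 0x00 for "reuse", then picks how many NewSessionTicket messages to send for a full handshake, a resumption, or a post-handshake ticket refresh on a long-lived connection. The names (HandshakeKind, parse_ticket_request, tickets_to_send) and the server-side cap on tickets per full handshake are assumptions; the proposal says "up to that many", and leaves the ceiling to the server. The one case the proposal does not spell out, a 0x00 client whose ticket is being refreshed mid-connection, is treated here like a resumption (a replacement only when the current ticket is no longer reusable), and that choice is marked as an assumption in the code.

```python
"""Ticket-count policy for the proposed one-byte ticket_request encoding.

Added example, not code from the mailing-list thread or from any TLS
implementation. All identifiers here are invented for illustration; the
SERVER_TICKET_CAP ceiling and the handling of REPLACEMENT for reuse
clients are assumptions the proposal leaves to the server.
"""
from enum import Enum

NO_TICKETS = 0xFF        # the "-1" of the isomorphic encoding: send nothing
REUSE = 0x00             # client reuses tickets, wants a new one only if needed
SERVER_TICKET_CAP = 8    # assumed server-side ceiling, not part of the proposal


class HandshakeKind(Enum):
    FULL = "full handshake (no ticket accepted)"
    RESUMED = "resumption (presented ticket accepted)"
    REPLACEMENT = "post-handshake ticket refresh on a long-lived connection"


def parse_ticket_request(ext_body: bytes) -> int:
    """Decode the extension body: exactly one byte, value 0x00..0xff."""
    if len(ext_body) != 1:
        raise ValueError("ticket_request body must be exactly one byte")
    return ext_body[0]


def tickets_to_send(requested: int, kind: HandshakeKind,
                    ticket_reusable: bool = False,
                    server_cap: int = SERVER_TICKET_CAP) -> int:
    """Number of NewSessionTicket messages to send for this handshake.

    requested      -- the decoded ticket_request byte
    kind           -- what kind of handshake/refresh this is
    ticket_reusable -- for RESUMED/REPLACEMENT: is the client's current
                      ticket still acceptable for further reuse?
    server_cap     -- assumed upper bound on tickets per full handshake
    """
    if not 0 <= requested <= 0xFF:
        raise ValueError(f"ticket_request value out of range: {requested}")

    if requested == NO_TICKETS:
        # 0xff: client never wants tickets (e.g. it holds no session cache).
        return 0

    if requested == REUSE:
        if kind is HandshakeKind.FULL:
            # Could not resume: one ticket per full handshake is enough
            # for a client that reuses tickets.
            return 1
        # RESUMED: no ticket if the presented one is still reusable, one
        # replacement if it is expired or single-use. REPLACEMENT is
        # treated the same way (assumption: the proposal does not cover it).
        return 0 if ticket_reusable else 1

    # 0x01..0xfe: client wants single-use tickets.
    if kind is HandshakeKind.FULL:
        return min(requested, server_cap)
    # On resumption or mid-connection refresh, send just one to avoid
    # chronic oversupply.
    return 1


def decide_from_extension(ext_body: bytes, kind: HandshakeKind,
                          ticket_reusable: bool = False) -> int:
    """Convenience wrapper: parse the extension body, then apply the policy."""
    return tickets_to_send(parse_ticket_request(ext_body), kind, ticket_reusable)


if __name__ == "__main__":
    # Constructed inputs, not captured traffic.
    for body, kind, reusable in [
        (b"\xff", HandshakeKind.FULL, False),
        (b"\x00", HandshakeKind.RESUMED, True),
        (b"\x00", HandshakeKind.RESUMED, False),
        (b"\x00", HandshakeKind.FULL, False),
        (b"\x05", HandshakeKind.FULL, False),
        (b"\xfe", HandshakeKind.FULL, False),
        (b"\x05", HandshakeKind.RESUMED, False),
        (b"\x05", HandshakeKind.REPLACEMENT, False),
    ]:
        n = decide_from_extension(body, kind, reusable)
        print(f"request={body.hex()} {kind.name:<11} reusable={reusable!s:<5} -> {n} ticket(s)")
```

Note the asymmetry the policy creates: a 0x01-0xfe client gets its requested count only on a full handshake, so a client that relies on a fresh batch after every resumption will see at most one ticket per resumed connection and must budget accordingly.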