On Tue, Feb 04, 2020 at 03:08:31PM +0000, Jeremy Harris wrote:

> On 04/02/2020 13:56, Hubert Kario wrote:
> > the thing is that getting extra ticket from the server is at most an
> > inconvenience for postfix
>
> Isn't the giving out of needless tickets a performance cost
> for the server, as well as a bandwidth cost for the network?
>
> Or are tickets zero-cost to produce?

They are not free. They can be modestly large, especially when client cert authentication was used on the initial connection, in which case at least the EE cert is typically bundled into the ticket (some implementations may save the whole chain). This means that abbreviated resumption handshakes are now followed with potentially an additional O(1 KB) of ticket traffic.

The CPU cost of encrypting the ticket is generally modest, but in an RPC protocol over TLS, which relies on resumption to amortise handshake overhead, the extra payload may dwarf the application traffic.

Squirreling away fresh tickets after each RPC request may also increase garbage collection pressure in some languages. Not all the world is C, C++ or Rust.

-- 
    Viktor.