On Tue, Feb 04, 2020 at 03:08:31PM +0000, Jeremy Harris wrote:

> On 04/02/2020 13:56, Hubert Kario wrote:
> > the thing is that getting extra ticket from the server is at most an
> > inconvenience for postfix
> 
> Isn't the giving out of needless tickets a performance cost
> for the server, as well as a bandwidth cost for the network?
> 
> Or are tickets zero-cost to produce?

They are not free.  They can be modestly large, especially when client
cert authentication was used on the initial connection, in which case at
least the EE cert is typically bundled into the ticket (some
implementations may save the whole chain).

This means that abbreviated resumption handshakes are now followed
with potentially an additional O(1 KB) of ticket traffic.

The CPU cost of encrypting the ticket is generally modest, but in
an RPC protocol over TLS, which relies on resumption to amortise
handshake overhead, the extra payload may dwarf the application
traffic.

Squirreling away a fresh ticket after each RPC request may also
increase garbage collection pressure in some languages.  Not all
the world is C, C++ or Rust.

-- 
    Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
