Hi all, We've posted a substantially reworked version of our service-affinity draft and would welcome review: https://datatracker.ietf.org/doc/draft-wang-tls-service-affinity/
In brief, the mechanism lets a server relocate an established session to a sibling instance of the same service: - The server marks a session ticket relocatable (migration_allowed), with the authorization sealed inside the server's own opaque ticket - so it inherits RFC 8446 resumption security, with no new key schedule. - The server can send a post-handshake migrate_request carrying an opaque target; the target may directly carry the switchover address, or be resolved by a control plane. - The client then performs ordinary PSK resumption on the new instance. Because only an instance holding the resumption keys can complete the move, a client steered to an endpoint outside the trust domain fails closed. Forward secrecy is required (psk_dhe_ke). We have a running interoperability implementation across three independent TLS stacks (tlslite-ng, picotls, and OpenSSL) that exercises the wire elements and the relocation flow; we're happy to share the link and demo it, and would like a short slot at IETF 126 to walk through the update. Comments welcome. Thanks, Ketul (for the authors)
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
