Hi all,

We've posted a substantially reworked version of our service-affinity draft
and would welcome review:
https://datatracker.ietf.org/doc/draft-wang-tls-service-affinity/

In brief, the mechanism lets a server relocate an established session to a
sibling instance of the same service:

- The server marks a session ticket relocatable (migration_allowed), with
the authorization sealed inside the server's own opaque ticket - so it
inherits RFC 8446 resumption security, with no new key schedule.
- The server can send a post-handshake migrate_request carrying an opaque
target; the target may directly carry the switchover address, or be
resolved by a control plane.
- The client then performs ordinary PSK resumption on the new instance.
Because only an instance holding the resumption keys can complete the move,
a client steered to an endpoint outside the trust domain fails closed.
Forward secrecy is required (psk_dhe_ke).

We have a running interoperability implementation across three independent
TLS stacks (tlslite-ng, picotls, and OpenSSL) that exercises the wire
elements and the relocation flow; we're happy to share the link and demo
it, and would like a short slot at IETF 126 to walk through the update.

Comments welcome.

Thanks,
Ketul (for the authors)
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to