One other proposal which is related is to make server config have relative time as well instead of absolute time. If we don't make this relative this expiration time might not be practically enforceable due to clock skew.
This enforcement is relevant in situations where compromise of the ephemeral server config key is not the same as compromising the long term private key, for example in a SSL key offloading infrastructure. I do not think relative time introduces any new threats because the server still needs to prove possession of the private key to make new clients accept a server config. Thus a compromise of a server config key should only affect the initial data of clients who have cached a config modulo relative expiration time. Subodh Iyengar ________________________________ From: TLS [tls-boun...@ietf.org] on behalf of Benjamin Kaduk [bka...@akamai.com] Sent: Tuesday, February 23, 2016 10:43 AM To: Nick Sullivan; tls@ietf.org Subject: Re: [TLS] Removing the "hint" from the Session Ticket Lifetime hint On 02/23/2016 11:42 AM, Nick Sullivan wrote: My proposed change is to change the session ticket lifetime hint to a strict lifetime along the lines of the ServerConfiguration: But leave it as a relative time, contrasting the absolute expiration time of the server configuration -- why not go for full-out parallelism? -Ben ticket_lifetime Indicates the lifetime in seconds as a 32-bit unsigned integer in network byte order from the time of ticket issuance. Servers MUST NOT use any value more than 604800 seconds (7 days). The value of zero indicates that the ticket should be discarded immediately. Clients MUST NOT cache session tickets for longer than 7 days, regardless of the ticket_lifetime. It MAY delete the ticket earlier based on local policy. A server MAY treat a ticket as valid for a shorter period of time than what is stated in the ticket_lifetime. The full change is on Github as a pull request: https://github.com/tlswg/tls13-spec/pull/424<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_tlswg_tls13-2Dspec_pull_424&d=CwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=sssDLkeEEBWNIXmTsdpw8TZ3tAJx-Job4p1unc7rOhM&m=S4CFPnNBaB7swATOHOzQkIlnUwgvBaVelRwg-VJzz-g&s=IsvSLMYBUZf_IWLI_bWWg7vpIQk-qSFCzIvsMw7in_I&e=>
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
