There are 2 different issues being discussed here, lifetime of tickets and configs.
It is probably better to revisit the discussion of whether or not to have ServerConfig be relative or absolute after it is decided whether or not the DH 0-RTT handshake will still exist. The general point I wanted to make is that relative times are practically enforceable by clients. For ticket_lifetime, which already is relative time, it is desirable to change them from an informative-only behavior to being usable by clients, which Nick's pull request does. Enforcing relative time for things like TLS ticket validity time has better security properties for certain use cases like key offloading. Nick's pull request limits the time clients can cache it to 7 days, which is a reasonable middle ground, and clients can decide to delete the ticket earlier.

I +1 the pull request.

Subodh Iyengar

________________________________________
From: TLS [tls-boun...@ietf.org] on behalf of Salz, Rich [rs...@akamai.com]
Sent: Monday, February 29, 2016 9:15 AM
To: m...@sap.com
Cc: tls@ietf.org
Subject: Re: [TLS] Removing the "hint" from the Session Ticket Lifetime hint

> What should be memorized/stored is absolute time-of-creation.

If the structure itself includes absolute times, then the memorization is (trivially) simpler.

> How long to consider it valid, is a local issue and not necessarily a constant
> validity period over time.

True. Treat it as a hint from the server.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
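An added example, not code from this thread or from the pull request it discusses, of what client-side enforcement of a relative ticket_lifetime looks like: the client stamps the ticket with its own clock on receipt, clamps the advertised lifetime to the 7-day cap, and refuses to offer an expired ticket for resumption. The class and function names are assumptions; treating a lifetime of 0 as "do not cache" follows the later published TLS 1.3 text (RFC 8446), not this thread.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# 7-day ceiling on client-side caching: the cap the pull request discussed above sets.
MAX_TICKET_LIFETIME = 7 * 24 * 60 * 60  # seconds


def effective_lifetime(ticket_lifetime: int) -> int:
    """Clamp the server's advertised relative lifetime to the client's own cap."""
    if ticket_lifetime < 0:
        raise ValueError("ticket_lifetime must be non-negative seconds")
    return min(ticket_lifetime, MAX_TICKET_LIFETIME)


@dataclass
class StoredTicket:
    ticket: bytes
    received_at: int  # client's own clock at receipt, never a server timestamp
    expires_at: int   # received_at + effective lifetime, computed locally


class TicketCache:
    """Per-server ticket store that enforces relative lifetimes with the client clock."""

    def __init__(self) -> None:
        self._tickets: Dict[str, StoredTicket] = {}

    def store(self, server: str, ticket: bytes, ticket_lifetime: int, now: int) -> bool:
        # ticket_lifetime == 0 means "do not cache" (RFC 8446 wording, assumed here,
        # since the draft under discussion predates it); also drop any old ticket.
        if ticket_lifetime == 0:
            self._tickets.pop(server, None)
            return False
        lifetime = effective_lifetime(ticket_lifetime)
        self._tickets[server] = StoredTicket(ticket, now, now + lifetime)
        return True

    def get(self, server: str, now: int) -> Optional[bytes]:
        """Return a ticket usable for resumption, or None if absent or expired."""
        entry = self._tickets.get(server)
        if entry is None:
            return None
        if now >= entry.expires_at:
            del self._tickets[server]  # expired: never offer it to the server
            return None
        return entry.ticket
```

With a constructed server hint of 30 days, the cache keeps the ticket for exactly 7 days from the client's own receipt time and purges it on the first lookup after that.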