On Tue, Jul 04, 2017 at 11:25:35AM +0100, Matt Caswell wrote: > On 4 July 2017 at 01:01, Eric Rescorla <e...@rtfm.com> wrote: > > - Modifying the key derivation for PSKs so that each session ticket > > is associated with a distinct PSK. > > Draft-21 says this about the ticket nonce: > > opaque ticket_nonce<1..255>; > ... > ticket_nonce A unique per-ticket value. > > > Within what context is "uniqueness" required? I am assuming that > uniqueness within the context of a single TLS connection is all that > is needed?
Yes, It has to be unique within a connection. > The nonce can be anything between 1 and 255 bytes long. There is no > guidance on a suitable length, so I am assuming I can choose anything > I like as long as the uniqueness constraint is met. OpenSSL > (currently) only ever issues a single ticket per TLS connection so is > a single 0 byte sufficient? Yes, if you only have one ticket per connection, then any legal fixed value is acceptable. -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
