On Friday, 16 March 2018 17:19:49 CET Matt Caswell wrote: > What is reasonable behaviour for a client to do with any tickets it has > previously received following a key update or a post-handshake > authentication? Should those old tickets be now considered out-of-date > and not used?
as far as I can tell KeyUpdate does affect only `application traffic secret`, not `resumption master secret` so the tickets should be kept in this case, they'd generate the same PSK resumption secret anyway (all else being equal) regarding authentication: Section E.1.2: If the client needs to determine if the server considers the connection to be unilaterally or mutually authenticated, this has to be provisioned by the application layer. so it doesn't look like it should affect what TLS implementation does. (I mean, I don't see anything related to recalculation of the secrets and encryption keys post-authentication) -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
