That's only because there is some chance that the ticket binds in more contextual information. In practice, this might also happen as a result of application-layer changes. At the TLS layer, it's hard to know exactly why the new ticket was issued: whether it was just adding another ticket to the pile of available tickets, or whether it replaced previous tickets. As the consequences of using an invalid ticket aren't serious, I would suggest that you simply use the most recent one. If you only use each ticket once, then use the most recent one and hope that it's still current.
As ekr says, the old ticket isn't invalid from the perspective of TLS. That only happens at the expiration time, and as the server decides. You know the former, and can only guess at the latter.

On Fri, Mar 16, 2018 at 4:36 PM, Eric Rescorla <e...@rtfm.com> wrote:
> On Fri, Mar 16, 2018 at 4:19 PM, Matt Caswell <m...@openssl.org> wrote:
>>
>> What is reasonable behaviour for a client to do with any tickets it has
>> previously received following a key update or a post-handshake
>> authentication? Should those old tickets be now considered out-of-date
>> and not used?
>
> There is no good reason to discard tickets received post KeyUpdate. The
> KeyUpdate has no impact on their security.
>
> It's probably reasonable to discard tickets received after Post-Handshake
> Auth if a new ticket is received, as that ticket might incorporate the
> client's authenticated identity. Otherwise I wouldn't bother.
>
> -Ekr
>
>> Matt
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls