On Wed, Nov 20, 2019 at 10:40:20AM +0800, Tommy Pauly wrote:

> >     - 0x01-0xfe => client wants single-use tickets:
> >         + send up to that many tickets on full handshake,
> >         + however, generally send just 1 ticket on resumption, or when
> >           replacing tickets during long-lived connections.  This helps to
> >           reduce chronic ticket "oversupply".
> 
> Having a recommendation to generally just send one ticket

You left out the key qualification: "on resumption".  Now perhaps
that strategy is only needed in the *absence* of any signal from
the client, and with the extension the onus is perhaps on the client
to send "1" once it has enough tickets, in which case the server
does not need to apply the heuristic that helps it to avoid chronic
ticket oversupply.  In which case, the "generally send just 1" can
be left out; it is a side comment, not essential to the overall
proposal.

Somebody should try to avoid ending up with N new tickets after
every connection, but it could well be the client.

> doesn't address the motivating use case for the document, which is Happy
> Eyeballs (connection racing). Having multiple tickets is required in a steady
> state, so we shouldn't recommend against that.
> 
> Any client that wants to only do the reuse case can just not use this 
> extension.

No, the extension is *very* useful to such clients, to signal to the server
that that's what they want to do, so that the server then only issues new
tickets when necessary.

-- 
    Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
