On Tue, Jan 21, 2020 at 05:46:10PM -0500, Viktor Dukhovni wrote:

> > 2. The additional cost of multiple tickets seems extraordinarily
> >    small, so I am not at all persuaded that there is enough value in
> >    this use case to justify adding new protocol machinery, even
> >    ignoring point (1) above.
> 
> Postfix has a shared cache (indexed by destination domain+mx host) for
> multiple independent processes racing to use the cache to make remote
> SMTP connections.

I should add that currently Postfix servers with OpenSSL 1.1.1 (i.e.
with TLS 1.3 support) always send 0 tickets on resumption, i.e. expect
that SMTP clients are willing to reuse the previously vended ticket.

Thus a key benefit of the proposed refinement to the extension would be
to allow SMTP clients that want a fresh ticket to unambiguously signal
that intent, and thereby allow *greater* use of single-use tickets.

It would also let Postfix differentiate between MTAs and MUAs, where the
latter are likely to want fresh tickets, but even on port 587 or
465, not all clients are MUAs; some are null-client MTAs relaying
to a "smarthost".

--  
    Viktor.
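
The shared-cache behaviour this message describes, as an added Python model that is not Postfix or OpenSSL code: a server that vends 0 tickets on resumption, single-use versus reusable tickets, and the proposed client signal for a fresh ticket. Ticket, Server, SharedCache, simulate() and the cache key are constructed assumptions for the illustration.

```python
# Added model (not Postfix or OpenSSL code) of a shared resumption cache
# keyed by destination domain + MX host. Ticket, Server, SharedCache and
# simulate() are constructed for this illustration.
from dataclasses import dataclass
import itertools

@dataclass
class Ticket:
    id: int
    single_use: bool
    consumed: bool = False

class Server:
    """TLS 1.3 server that, like Postfix with OpenSSL 1.1.1, vends 0 tickets on
    a resumed handshake unless the client signals want_fresh (the proposal)."""
    def __init__(self, single_use):
        self.single_use = single_use
        self._ids = itertools.count(1)

    def handshake(self, ticket=None, want_fresh=False):
        """Return (resumed, new_ticket_or_None)."""
        resumed = ticket is not None and not ticket.consumed
        if resumed and ticket.single_use:
            ticket.consumed = True  # a single-use ticket dies on first use
        if resumed and not want_fresh:
            return True, None       # 0 tickets on resumption
        return resumed, Ticket(next(self._ids), self.single_use)

class SharedCache:
    """Cache shared by independent client processes, keyed by (domain, mx)."""
    def __init__(self):
        self.entries = {}

    def connect(self, key, server, want_fresh=False):
        resumed, new = server.handshake(self.entries.get(key), want_fresh)
        if new is not None:
            self.entries[key] = new  # keep the freshly vended ticket
        return resumed

def simulate(single_use, want_fresh=False, connections=4):
    """Resumption outcome of successive connections to one MX host."""
    server, cache = Server(single_use), SharedCache()
    key = ("example.com", "mx1.example.com")  # constructed cache key
    return [cache.connect(key, server, want_fresh) for _ in range(connections)]
```

With single-use tickets and no fresh-ticket signal, every second connection falls back to a full handshake because the cached ticket was consumed and nothing replaced it; the signal restores resumption on every connection.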

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls