On Thu, Mar 05, 2020 at 01:42:03PM -0800, Nick Harper wrote:

> In regards to the 0 -> 1 mapping:
>
> Let's assume we have a client that wishes to reuse tickets when possible
> talking to a server that is content to allow ticket reuse (since I believe
> this is the use case Viktor cares about).

I care about all use cases, including the case where the server DOES NOT
support reuse, and the client is attempting to negotiate reuse.

> Without that mapping, the client sends a new_session_count of 1 and a
> resumption_count of 0. On a fresh connection, the client gets a (single)
> ticket, which it reuses for resumptions. On the resumed connections, the
> client gets no new tickets. Eventually (presumably 7 days after the initial
> fresh connection), the server rejects the resumption forcing a complete
> handshake, and issues a new ticket.

[ FWIW, Postfix will by default issue a fresh ticket once an hour ].

The above is NOT the problem case, that case works fine, the server
returning no tickets when the resumption count is zero is what servers
that *support* reuse would be expected to do.

The problem case is when the server does NOT support reuse, and still
issues zero tickets. Then the client tries to reuse the previous
ticket, but it is no longer usable, and so it ends up doing a full
handshake every other connection.

-- 
    Viktor.
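The two cases contrasted in the message above, as a small simulation added here for illustration (it is not part of the original thread and not code from any TLS implementation). The `Server` class, `run_client` and the single-use ticket model are assumptions made for this example; ticket lifetime (the 7-day and hourly limits mentioned above) is not modelled.

```python
from dataclasses import dataclass, field
from itertools import count


@dataclass
class Server:
    """Hypothetical server model: honours the client's requested counts exactly."""
    allows_reuse: bool  # False: a ticket is consumed by its first resumption
    _ids: count = field(default_factory=count, init=False, repr=False)
    _valid: set = field(default_factory=set, init=False, repr=False)

    def _issue(self, n):
        tickets = [next(self._ids) for _ in range(n)]
        self._valid.update(tickets)
        return tickets

    def connect(self, ticket, new_session_count, resumption_count):
        """Return (handshake_kind, new_tickets) for one connection."""
        if ticket in self._valid:
            if not self.allows_reuse:
                self._valid.discard(ticket)  # single-use ticket is now spent
            return "resumed", self._issue(resumption_count)
        # No ticket, or a ticket the server no longer accepts: full handshake.
        return "full", self._issue(new_session_count)


def run_client(server, connections, new_session_count=1, resumption_count=0):
    """Client that wants reuse: keeps its last ticket until it gets a new one."""
    ticket, log = None, []
    for _ in range(connections):
        kind, tickets = server.connect(ticket, new_session_count, resumption_count)
        log.append(kind)
        if tickets:
            ticket = tickets[-1]
        # With zero new tickets the client retries the old one next time.
    return log


if __name__ == "__main__":
    for reuse in (True, False):
        print(f"allows_reuse={reuse}:", run_client(Server(reuse), 6))
```
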