On Sat, Nov 20, 2021 at 10:57:01AM +0000, John Mattsson wrote:

> I expect most TLS stacks to happily continue the connection after
> external PSK (I think those do not even have standard expiry
> times) or certificate expires.
>
> John: Yes, and I think they should. The application has the
> responsibility of External PSKs. I think TLS should just provide an
> alert (and an API) so that the application can signal to the other
> endpoint why it closed the connection. Reusing certificate_expiry
> seems like a good idea for external PSK.
Ticket lifetimes are short so that servers can cycle through keys more
often, improving forward secrecy. They can legitimately certainly have
much shorter lifetimes than the sessions established by using the
tickets. There is no realistic threat model in which keeping a session
alive past ticket expiration has particular security relevance. The only
thing that matters is what reasonable lifetime to impose on sessions,
which has no connection with either certificate or ticket lifetimes.

-- 
Viktor.

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
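The point Viktor makes above (ticket lifetime, ticket-key rotation and the lifetime of an established session are three separate policies) as an added example, not code from the thread or from any TLS stack. The rotation interval, the number of retained keys, the Ticket model and all function names are assumptions made here to illustrate the decoupling; the one invariant it checks is that a ticket's advertised lifetime must not exceed the window in which the server can still decrypt it.

```python
from dataclasses import dataclass

# Assumed server configuration (constructed for this example): ticket keys
# rotate every ROTATION_S seconds and KEEP_PREVIOUS older keys are retained.
ROTATION_S = 3600
KEEP_PREVIOUS = 1


@dataclass(frozen=True)
class Ticket:
    """A NewSessionTicket as the client remembers it."""
    key_id: int     # generation of the server key that encrypted the ticket
    issued_at: int  # seconds since epoch
    lifetime: int   # ticket_lifetime advertised by the server

def key_id_at(now: int) -> int:
    """Ticket-key generation in use at time `now`."""
    return now // ROTATION_S

def issue_ticket(now: int, lifetime: int) -> Ticket:
    """Server issues a ticket under the current key generation."""
    return Ticket(key_id_at(now), now, lifetime)

def server_can_decrypt(t: Ticket, now: int) -> bool:
    """The server still holds the key that protects this ticket."""
    return key_id_at(now) - KEEP_PREVIOUS <= t.key_id <= key_id_at(now)

def resumable(t: Ticket, now: int) -> bool:
    """Resumption needs the client to still consider the ticket valid AND the
    server to still be able to open it; a ticket that outlives the server's
    key window silently degrades to a full handshake."""
    return now < t.issued_at + t.lifetime and server_can_decrypt(t, now)

def max_safe_ticket_lifetime() -> int:
    """Longest ticket_lifetime guaranteed not to outlive the decrypt window.
    Worst case is a ticket issued in the last second of a key generation:
    it stays decryptable for KEEP_PREVIOUS further generations."""
    return KEEP_PREVIOUS * ROTATION_S

def session_should_close(established_at: int, now: int, max_age: int) -> bool:
    """Application-level session lifetime. Deliberately independent of ticket
    or certificate expiry: an open connection is not torn down merely because
    the ticket it was resumed with has since expired."""
    return now - established_at >= max_age
```

With the values above a connection established at t=100 is still within a one-day application limit at t=5000 even though its ticket (lifetime 3600) can no longer be used to resume, while a ticket advertised with lifetime 7200 would outlive the server's key window.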