[Top] [All Lists]

Re: IETF Last Call: draft-salowey-tls-ticket-06.txt

2006-01-01 12:05:56
Bernard Aboba <aboba(_at_)internaut(_dot_)com> writes:

In the extreme case (client gets different server every time, and none 
of the servers can understand tickets generated by other servers), it
will degrade to normal TLS (full handshake done every time).

From what I can see, the Ticket structure does not uniquely identify the 
ticket type or ticket version, so that there is no easy way for the server 
to determine what type of ticket has been submitted to it, or whether the 
client is using the recommended format or not.  The server checks the mac 
in the last 20 octets, and if this is valid, then it decrypts the 
encrypted_state.  However, if the client were using the same mac, but a 
different ticket format, the mac could check out, but the StatePlaintext 
would not match.  A Ticket Type/Version field would make it clear to the 
server whether it is handling a Ticket of known type. 

I'm not sure I understand this, Bernard. The client doesn't need
to know anything about the ticket format or get to decide
anything about the mac. It's just the server talking to itself. 


Ietf mailing list