[Top] [All Lists]

Re: IETF Last Call: draft-salowey-tls-ticket-06.txt

2006-01-03 06:48:13
The MAC will check out only if the servers are using the same key.  If the
servers regularly generate new keys (as is suggested in the

If there is no rnormative requirement that the MAC field actually contain 
a MAC, how can we assume this?  And if there is no algorithm indication, 
how do we know how long the MAC field is? 

Doesn't the key_version field also provide a hint
as to whether the ticket is something that you
can recognize? 

If the key_version field was globally and temporally unique (for example, 
if it included the server name + a counter) then it would provide that 
information.  But it's just a 32-bit integer.  If servers start
at zero, the chance of collision will be qu ite high. 

Ietf mailing list