Re: IETF Last Call: draft-salowey-tls-ticket-06.txt

The MAC will check out only if the servers are using the same key.  If the
servers regularly generate new keys (as is suggested in the


If there is no rnormative requirement that the MAC field actually contain 
a MAC, how can we assume this?  And if there is no algorithm indication, 
how do we know how long the MAC field is?

Doesn't the key_version field also provide a hint
as to whether the ticket is something that you
can recognize?


If the key_version field was globally and temporally unique (for example, 
if it included the server name + a counter) then it would provide that 
information.  But it's just a 32-bit integer.  If servers start
at zero, the chance of collision will be qu ite high. 

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: participation sans meeting attendance (was RE: Alternative formats for IDs), Melinda Shore

Next by Date:

Re: Troubles with UTF-8, Peter Dambier

Previous by Thread:

Re: IETF Last Call: draft-salowey-tls-ticket-06.txt, Jari Arkko

Next by Thread:

RE: IETF Last Call: draft-salowey-tls-ticket-06.txt, Bernard Aboba

Indexes:

[Date] [Thread] [Top] [All Lists]