Hi,

I have several questions about TEAP TLS session resume, since I am not sure
I have interpreted the relevant sections of RFC 7170 and RFC 5077
correctly.


1) Does it make sense for a TEAP server to support both TLS session resume
using server state and TLS session resume using PAC? Should the server have
an explicit configuration of which type of session resume it supports? In
EAP-FAST there was a dedicated stage of PAC provisioning (Phase 0) that
typically ended with PAC provisioning to the client inside the tunnel.
However, the TEAP RFC says that a PAC should be provisioned either as a TLS
session ticket after the client sends an empty TLS SessionTicket extension,
or in Phase 2 after the client requests a PAC in a Request-Action TLV + PAC
TLV. So in TEAP, PAC provisioning is always initiated by the client. This
gives the server a chance to presume that if the client didn't ask for a
PAC, it doesn't support PACs, and thus the server should save the TLS state
of this conversation in its memory for subsequent TLS session resume using
server state.


2) Should there be a restriction on the total time of TLS session resume
using PAC, as there is for TLS session resume using server state? RFC 5077
says that if the conversation was resumed using a SessionTicket, then the
server can provide a new SessionTicket. Every SessionTicket has its own
lifetime restriction, but the total time of sequential conversations that
apply TLS session resume using a SessionTicket (PAC) is not restricted. I.e.
there is no requirement to conduct a full TLS handshake once per specific
time interval. Doesn't this create a security issue? Or is it entirely the
client's responsibility to conduct a full TLS handshake once per specific
time interval so that the client can verify the TLS server's certificate?


3) The TEAP RFC says: "If the PAC-Opaque included in the SessionTicket
extension is valid and the EAP server permits the abbreviated TLS
handshake, it will select the ciphersuite from information within the
PAC-Opaque and finish with the abbreviated TLS handshake."


What is the reason for storing the ciphersuite in the PAC and using it in
TLS session resume using PAC, if the server can control the ciphersuites
anyway to eliminate weak cipher usage?


Thank you in advance for your answers,

Oleg
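The concern in question 2, as an added illustration that is not part of Oleg's message or of any TEAP implementation: a server-side policy (hypothetical, not mandated by RFC 5077 or RFC 7170) that carries the time of the last full handshake inside the authenticated ticket state, so that chained SessionTicket renewals cannot postpone a full handshake, and with it certificate re-validation, indefinitely. The lifetimes, field names and key are assumptions.

```python
import hmac, hashlib, json, os
from base64 import urlsafe_b64encode, urlsafe_b64decode

# Constructed illustration: the ticket state (opaque to the client) records the
# time of the last full handshake, and a renewal carries that time forward
# unchanged, so the resumption chain as a whole has a bounded lifetime.
TICKET_LIFETIME = 3600            # per-ticket lifetime, seconds (assumed)
MAX_CHAIN_LIFETIME = 24 * 3600    # hypothetical cap on time since last full handshake
KEY = os.urandom(32)              # server-side ticket protection key (constructed)

def _mac(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()

def issue_ticket(full_handshake_time: float, now: float, ciphersuite: str) -> str:
    """Serialise the ticket state and append an HMAC so the server can detect tampering."""
    state = {"full_hs": full_handshake_time, "issued": now, "cs": ciphersuite}
    body = json.dumps(state, sort_keys=True).encode()
    return urlsafe_b64encode(body + _mac(body)).decode()

def resume(ticket: str, now: float):
    """Return (accepted, renewed_ticket). The ticket is refused when its MAC is bad,
    when its own lifetime has passed, or when too much time has elapsed since the
    last full handshake; the last case forces a full handshake on the client."""
    raw = urlsafe_b64decode(ticket)
    body, tag = raw[:-32], raw[-32:]
    if not hmac.compare_digest(tag, _mac(body)):
        return False, None
    state = json.loads(body)
    if now - state["issued"] > TICKET_LIFETIME:
        return False, None
    if now - state["full_hs"] > MAX_CHAIN_LIFETIME:
        return False, None
    # Renewal: fresh issue time, but the full-handshake timestamp is preserved.
    return True, issue_ticket(state["full_hs"], now, state["cs"])
```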
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu