On Fri, Aug 28, 2015 at 2:21 AM, Bill Cox <waywardg...@google.com> wrote:
> On Thu, Aug 27, 2015 at 5:00 PM, Emilia Käsper <emi...@openssl.org> wrote:
>
>> A client should (SHOULD) always repeat extensions on resumption though,
>> as it can't know whether the resumption will be accepted.
>>
>> Do you have a specific example where you need to save custom extension
>> state? We can think about extending the API, even though I imagine that
>> anything that does need to keep state will be too complex and hairy to be
>> handled by the generic extension mechanism.
>>
>> Cheers,
>> Emilia
>>
>
> Yes, I need it for the Token Binding Negotiation
> <https://tools.ietf.org/html/draft-popov-tokbind-negotiation-00>
> extension. We negotiate acceptable Token Binding key parameters in this
> TLS extension. On resumption, the negotiation fails because the server
> does not include the custom extension in its server hello. At this point,
> the client loses the ability to use channel bound tokens.
>

It's not quite clear to me why you'd have to resend parameters on resumption. After all, they are definitive for the session. Best if the draft explicitly specifies resumption behaviour.

It's also not clear to me that the serialized TLS session is the place to store the parameters. Shouldn't they rather be stored at the application level, alongside the eventual token?

But setting that aside, the interaction with extended master secret makes using custom extensions for this purpose tricky anyway. Custom extensions don't really support interaction with other extensions; there's no guarantee that you'll end up processing them in the right order. (But I've only skimmed the docs so it's possible I got it all wrong.)

Cheers,
Emilia

> Thanks,
> Bill
>
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
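The exchange the thread is arguing about, as an added toy model that is not part of the original messages and not OpenSSL or Token Binding code. It models both sides of the handshake: the client repeats its custom extension in every ClientHello because it cannot know whether resumption will be accepted; the server negotiates and echoes the extension only on a full handshake and stays silent about it on resumption. A client that takes the negotiated parameter only from the ServerHello therefore loses it on resumption (Bill's failure), while a client that keeps the parameter alongside its session state (Emilia's suggestion) still has it. The extension type number, the key-parameter names and the session-id scheme are constructed placeholders, not values from the draft.

```python
"""Toy model of custom-extension negotiation across TLS session resumption.

Constructed example: not OpenSSL code and not the Token Binding draft.
"""
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical extension type number for this toy model only.
EXT_TOKEN_BINDING = 24


@dataclass
class ClientHello:
    session_id: Optional[bytes]
    extensions: dict  # ext_type -> list of offered values


@dataclass
class ServerHello:
    session_id: bytes
    resumed: bool
    extensions: dict  # ext_type -> single chosen value


@dataclass
class Server:
    supported: tuple = ("ecdsap256", "rsa2048")  # constructed parameter names
    cache: dict = field(default_factory=dict)   # session_id -> negotiated parameter
    counter: int = 0

    def handle(self, hello: ClientHello) -> ServerHello:
        if hello.session_id is not None and hello.session_id in self.cache:
            # Resumption: the parameter is definitive for the session, so the
            # server neither re-negotiates nor echoes the custom extension.
            return ServerHello(hello.session_id, resumed=True, extensions={})
        # Full handshake: pick the first offered parameter the server supports.
        self.counter += 1
        sid = self.counter.to_bytes(4, "big")
        chosen = {}
        for p in hello.extensions.get(EXT_TOKEN_BINDING, []):
            if p in self.supported:
                chosen[EXT_TOKEN_BINDING] = p
                break
        self.cache[sid] = chosen.get(EXT_TOKEN_BINDING)
        return ServerHello(sid, resumed=False, extensions=chosen)


@dataclass
class Client:
    offered: tuple = ("ecdsap256",)
    keep_with_session: bool = True  # store the parameter next to the session/token
    session_id: Optional[bytes] = None
    stored_param: Optional[str] = None

    def connect(self, server: Server) -> Optional[str]:
        """Run one handshake; return the Token Binding parameter in effect."""
        # Always repeat the extension: the server may refuse resumption.
        hello = ClientHello(self.session_id, {EXT_TOKEN_BINDING: list(self.offered)})
        sh = server.handle(hello)
        self.session_id = sh.session_id
        if not sh.resumed:
            self.stored_param = sh.extensions.get(EXT_TOKEN_BINDING)
            return self.stored_param
        # Resumed: the ServerHello carries no custom extension at all.
        if self.keep_with_session:
            return self.stored_param
        return None  # naive client: treats the missing echo as a failed negotiation


def run(keep_with_session: bool):
    """Full handshake, resumption, then a resumption refused by the server."""
    server = Server()
    client = Client(keep_with_session=keep_with_session)
    first = client.connect(server)      # full handshake, extension echoed
    second = client.connect(server)     # resumed, extension not echoed
    server.cache.clear()                # server forgot the session
    third = client.connect(server)      # resumption refused, fresh negotiation
    return first, second, third


if __name__ == "__main__":
    print("params kept with session :", run(True))
    print("params from ServerHello  :", run(False))
```

The third connection is why the client has to keep sending the extension even though it "already negotiated": once the server drops the session, the offer in the ClientHello is the only thing that lets a fresh negotiation happen.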