Hi Xuelei,
Given that 4507 is obsoleted in favor of 5077 is there really that much
value to supporting this older/broken extension format? Do we know of
clients that still adhere to 4507? Otherwise it seems better to stick
to 5077 and the approach in TLS 1.3 and not try to go back and support
an earlier obsoleted approach to this feature.
These lines took me to the cooperation behaviors between RFC 5077 and
RFC 4507. It looks like we don't support the RFC 4507 format of the
SessionTicket extension. As RFC 5077 and RFC 4507 use the same
extension ID for different extension formats, there are potential
compatibility issues, which make session resumption impossible. I would
like to have a workaround to accept both formats, for example, using
a cookie at the beginning of the ticket, as described in
Appendix A of RFC 5077.
I will review the rest of this class in the afternoon or tomorrow.
Thanks,
Xuelei
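The disambiguation Xuelei describes, as an added example that is not part of the thread and not OpenJDK code: RFC 4507 wraps the ticket in a SessionTicket struct (a 2-byte length followed by the ticket), while RFC 5077 puts the opaque ticket directly in extension_data, and both use extension type 35. If the server prepends a fixed cookie to every ticket it issues, it can tell the two encodings apart on receipt. The cookie value, function names and the sample payload are assumptions made for the illustration.

```python
"""Distinguish RFC 4507 and RFC 5077 SessionTicket extension encodings.

Constructed illustration: the server prepends a fixed cookie to every
ticket it issues, so on receipt it can tell whether the client sent the
ticket as RFC 5077 extension_data (ticket only) or as the RFC 4507
SessionTicket struct (2-byte length, then ticket).
"""
import struct

# Hypothetical cookie; any fixed value the server controls will do. It is an
# assumption for this example, not a standardized constant.
TICKET_COOKIE = b"\x5a\x07\x07\x04"


def issue_ticket(payload: bytes) -> bytes:
    """Ticket body as the server issues it: cookie || opaque payload."""
    return TICKET_COOKIE + payload


def encode_rfc5077(ticket: bytes) -> bytes:
    """RFC 5077: extension_data is the opaque ticket itself."""
    return ticket


def encode_rfc4507(ticket: bytes) -> bytes:
    """RFC 4507: extension_data is SessionTicket = opaque ticket<0..2^16-1>,
    i.e. a 2-byte length followed by the ticket (length encoded twice)."""
    return struct.pack("!H", len(ticket)) + ticket


def parse_session_ticket(extension_data: bytes):
    """Classify extension_data received from a client.

    Returns ("rfc5077", ticket), ("rfc4507", ticket), ("empty", b"") for a
    client requesting a new ticket, or None if the data matches neither
    encoding (the server should then fall back to a full handshake).
    """
    # Both RFCs: empty extension_data means "I have no ticket, please issue one".
    if not extension_data:
        return ("empty", b"")

    # RFC 5077: the ticket, and therefore our cookie, starts at offset 0.
    if extension_data.startswith(TICKET_COOKIE):
        return ("rfc5077", extension_data)

    # RFC 4507: 2-byte inner length, then a ticket that starts with our cookie.
    # Require the inner length to match exactly so a stray prefix is rejected.
    if len(extension_data) >= 2 + len(TICKET_COOKIE):
        (inner_len,) = struct.unpack("!H", extension_data[:2])
        inner = extension_data[2:]
        if inner_len == len(inner) and inner.startswith(TICKET_COOKIE):
            return ("rfc4507", inner)

    return None


if __name__ == "__main__":
    ticket = issue_ticket(b"constructed-opaque-state")
    for data in (encode_rfc5077(ticket), encode_rfc4507(ticket), b"", b"\x00\x03abc"):
        print(parse_session_ticket(data))
```

The RFC 5077 check runs first, so an RFC 4507 blob can only be misread as 5077 if its 2-byte length field happens to equal the first two cookie bytes and the rest of the cookie repeats; picking a cookie whose leading bytes are not a plausible ticket length avoids that. Tickets that start with neither pattern were not issued by this server (or the ticket key rotated), and the right response is a full handshake, not an error.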