gnutls-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] session ticket support


From: Simon Josefsson
Subject: Re: [PATCH] session ticket support
Date: Tue, 04 Aug 2009 15:21:29 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1.50 (gnu/linux)

Nikos Mavrogiannopoulos <address@hidden> writes:

> On Tue, Aug 4, 2009 at 2:59 PM, Simon Josefsson<address@hidden> wrote:
>
>> If we use our own pack/unpack format, it won't be possible to set up TLS
>> load-balancing between GnuTLS and some other implementation that accepts
>> session tickets on another format.  Maybe that is a minor issue, but it
>> could come up.  Or is there some other reason why that setup would never
>> work anyway?
>
> No not really :) Especially since the RFC ticket format is
> underdefined (several parts are missing).

Yes, and I suspect it is impossible to fully describe a format that
covers all TLS extensions.  What could be done to improve the current
document is to allow type=value extensibility to let implementations
store additional parameters.  As the spec progress, it can be improved
to specify some of the implementation-specific type=value fields.
Implementations that doesn't support a particular type=value attribute
can ignore it, and there could be better interoperability when using TLS
load-balancing.  If the document was designed this way, we could change
GnuTLS pack/unpack format to use the core format and then add the
non-standard parameters as extended type=value fields.

> If there will ever be some standard format we can switch our internal
> format and solve that issue, and in addition our DBs will be readable
> by others via memcached etc.

Right.

/Simon




reply via email to

[Prev in Thread] Current Thread [Next in Thread]