[16884] in cryptography@c2.net mail archive
TLS session resume concurrency?
daemon@ATHENA.MIT.EDU (Victor Duchovni)
Thu Feb 10 19:01:44 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 10 Feb 2005 15:59:04 -0500
From: Victor Duchovni <Victor.Duchovni@MorganStanley.com>
To: cryptography@metzdowd.com
Mail-Followup-To: cryptography@metzdowd.com
If multiple processes (or threads) have access to a shared TLS session
cache, does the cache need N sessions to serve N threads? Or can (I
think unlikely if sessions resume stream-ciphers from internal state
in the cache) the same session be used by multiple clients?
Postfix only has one TLS session slot per-peer, and so high concurrency
destinations will typically renegotiate (N-1)/N connections. If an SSL
session can be resumed from the same saved state multiple (overlapping)
times the design need not change. Otherwise the problem calls for a
multiple-session per destination cache...
If the symmetric cypher is fully re-keyed when sessions are resumed
while avoiding the fresh start PKI overhead, then life is simple
and sessions can be re-used unmodified. Otherwise I may need to
ponder on designs for a multi-valued cache.
--
/"\ ASCII RIBBON NOTICE: If received in error, \ /
CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAIL Morgan Stanley confidentiality or privilege,
and use is prohibited.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
