[16895] in cryptography@c2.net mail archive
Re: TLS session resume concurrency?
daemon@ATHENA.MIT.EDU (Tim Dierks)
Wed Feb 16 08:02:41 2005
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <20050210205903.GJ14968@piias899.ms.com>
Date: Fri, 11 Feb 2005 11:31:16 -0500 (EST)
From: "Tim Dierks" <tim@dierks.org>
To: "Victor Duchovni" <Victor.Duchovni@MorganStanley.com>
Cc: cryptography@metzdowd.com
Reply-To: tim@dierks.org
On Thu, 10 Feb 2005 15:59:04 -0500, Victor Duchovni
<Victor.Duchovni@morganstanley.com> wrote:
> If the symmetric cypher is fully re-keyed when sessions are resumed
> while avoiding the fresh start PKI overhead, then life is simple
> and sessions can be re-used unmodified. Otherwise I may need to
> ponder on designs for a multi-valued cache.
I don't fully understand how you phrased the question in the two deleted
paragraphs, but this one accurately describes the SSL/TLS session cache:
it holds a shared secret derived from the original key exchange. For each
connection, completely new encryption & authentication keys are derived
from this shared secret and per-connection random nonces provided by each
party. One session can be safely reused for many connections, either
serially or in parallel. The session cache is also write-once: starting a
new connection from a session needn't update the cached secret or other
parameters.
- Tim
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
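
The derivation described in the message above, as an added example that is not part of the original e-mail or of any TLS implementation: two connections resumed from one cached session get unrelated key blocks because each mixes fresh client and server randoms into the PRF, and the cache entry is only ever read. Assumptions: the TLS 1.2 PRF (HMAC-SHA256, RFC 5246) stands in for whichever PRF the negotiated version uses, the key sizes and the function names `connection_keys` and `resume` are chosen for illustration, and the master secret is a constructed value.

```python
import hashlib
import hmac
import os
from types import MappingProxyType


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()           # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def connection_keys(session, client_random: bytes, server_random: bytes) -> dict:
    """Derive one connection's key block from a cached session (read-only)."""
    # key_block = PRF(master_secret, "key expansion", server_random + client_random)
    seed = b"key expansion" + server_random + client_random
    block = p_sha256(session["master_secret"], seed, 2 * 32 + 2 * 16)
    # Partition assumed for illustration: two 32-byte MAC keys, two 16-byte cipher keys.
    names = ("client_mac", "server_mac", "client_key", "server_key")
    sizes = (32, 32, 16, 16)
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


def resume(session) -> dict:
    """Model a resumed handshake: each side contributes a fresh 32-byte random."""
    return connection_keys(session, os.urandom(32), os.urandom(32))


# Constructed cache entry; a real master secret comes from the full handshake.
# MappingProxyType makes the entry read-only, matching the write-once cache.
SESSION = MappingProxyType({"session_id": b"\x01" * 32,
                            "master_secret": bytes(range(48))})

if __name__ == "__main__":
    a, b = resume(SESSION), resume(SESSION)   # two connections, one session
    print("client_key A:", a["client_key"].hex())
    print("client_key B:", b["client_key"].hex())
    print("keys differ:", a != b)
```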