RFR[13] Release Note for Stateless Resumption

Xuelei Fan xuelei.fan at oracle.com
Mon Jul 8 15:30:37 UTC 2019


A couple of comments.

In the release note, "For TLS 1.3, stateless tickets use the existing 
PSK resumption extension in RFC 8446[2]. TLS 1.3 will revert to the 
session cache if the server property is false. "

In CSR, "For TLS 1.3, stateless tickets use the existing PSK resumption 
extension in (RFC 8446), which require no properties or settings."

The above two parts of information are not consistent.

RFC 5077[1]
RFC 8446[2]
[1]: https://tools.ietf.org/html/rfc5077
[2]: https://tools.ietf.org/html/rfc8446

Just a very personal preference. May not need the cite references for 
RFCs, which are well known.

"With less session information cached, some session information may not 
be available."

I did not get the idea.  These words may be confusing and misleading. 
All session information should be available once the session is 
established.  I may just remove this sentence.

TLS 1.2

"TLS 1.2" is mentioned multiple times.  The NST extension applies to 
TLS 1.0 and 1.1 as well.  We may want to mention TLS 1.0/1.1 as well.

Maybe, we can just copy the "Specification" section in the CSR as the 
release note.


On 7/8/2019 8:01 AM, Sean Mullan wrote:
> Fixed a couple of typos. Although it says "This feature is enabled by 
> default.", I think you should also say what the default values of the 2 
> properties are, just to make it clear how it is enabled by default.
> Looks good otherwise.
> --Sean
> On 7/2/19 5:43 PM, Anthony Scarpino wrote:
>> Hi,
>> I need a release note review of the Stateless Resumption work
>> https://bugs.openjdk.java.net/browse/JDK-8227105
>> thanks
>> Tony
