RFR[13] Release Note for Stateless Resumption
Xuelei Fan
xuelei.fan at oracle.com
Mon Jul 8 15:30:37 UTC 2019
Hi,
A couple of comments.
In the release note, "For TLS 1.3, stateless tickets use the existing
PSK resumption extension in RFC 8446[2]. TLS 1.3 will revert to the
session cache if the server property is false. "
In CSR, "For TLS 1.3, stateless tickets use the existing PSK resumption
extension in (RFC 8446), which require no properties or settings."
The above two parts of information are not consistent.
----
RFC 5077[1]
RFC 8446[2]
[1]: https://tools.ietf.org/html/rfc5077
[2]: https://tools.ietf.org/html/rfc8446
Just a very personal preference. May not need the cite references for
RFCs, which are well known.
----
"With less session information cached, some session information may not
be available."
I did not get the idea. These words may be confusing and misleading.
All session information should be available once the session is
established. I may just remove this sentence.
----
TLS 1.2
"TLS 1.2" is mentioned multiple times. The NST extension applies to
TLS 1.0 and 1.1 as well. We may want to mention TLS 1.0/1.1 as well.
Maybe, we can just copy the "Specification" section in the CSR as the
release note.
Thanks,
Xuelei
On 7/8/2019 8:01 AM, Sean Mullan wrote:
> Fixed a couple of typos. Although it says "This feature is enabled by
> default.", I think you should also say what the default values of the 2
> properties are, just to make it clear how it is enabled by default.
>
> Looks good otherwise.
>
> --Sean
>
> On 7/2/19 5:43 PM, Anthony Scarpino wrote:
>> Hi,
>>
>> I need a release note review of the Stateless Resumption work
>>
>> https://bugs.openjdk.java.net/browse/JDK-8227105
>>
>> thanks
>>
>> Tony