RFR[13] Release Note for Stateless Resumption
Anthony Scarpino
anthony.scarpino at oracle.com
Mon Jul 8 16:06:13 UTC 2019
On 7/8/19 8:30 AM, Xuelei Fan wrote:
> Hi,
>
> A couple of comments.
>
> In the release note, "For TLS 1.3, stateless tickets use the existing
> PSK resumption extension in RFC 8446[2]. TLS 1.3 will revert to the
> session cache if the server property is false. "
>
> In CSR, "For TLS 1.3, stateless tickets use the existing PSK resumption
> extension in (RFC 8446), which require no properties or settings."
>
> The above two parts of information are not consistent.
Correct, however, while 1.3 uses the existing ticekt mechanism for
stateless and stateful without a property setting. However the contents
of that ticket do depend on the property.
Initially the CSR was more clear about that, but I think as it got
edited in review that information was removed as it described the
property and handshake message relationship more.
Tony
>
>
> ----
> RFC 5077[1]
> RFC 8446[2]
> [1]: https://tools.ietf.org/html/rfc5077
> [2]: https://tools.ietf.org/html/rfc8446
>
> Just a very personal preference. May not need the cite references for
> RFCs, which are well known.
>
> ----
> "With less session information cached, some session information may not
> be available."
>
> I did not get the idea. These words may be confusing and misleading.
> All session information should be available once the session is
> established. I may just remove this sentence.
>
> ----
> TLS 1.2
>
> "TLS 1.2" are mentioned multiple times. The NST extension applies to
> TLS 1.0 and 1.1 as well. We may want to mention TLS 1.0/1.1 as well.
>
>
> Maybe, we can just copy the "Specification" section in the CSR as the
> release note.
>
> Thanks,
> Xuelei
>
>
> On 7/8/2019 8:01 AM, Sean Mullan wrote:
>> Fixed a couple of typos. Although it says "This feature is enabled by
>> default.", I think you should also say what the default values of the
>> 2 properties are, just to make it clear how it is enabled by default.
>>
>> Looks good otherwise.
>>
>> --Sean
>>
>> On 7/2/19 5:43 PM, Anthony Scarpino wrote:
>>> Hi,
>>>
>>> I needs a release note review of the Stateless Resumption work
>>>
>>> https://bugs.openjdk.java.net/browse/JDK-8227105
>>>
>>> thanks
>>>
>>> Tony
More information about the security-dev
mailing list