RFR[13] Release Note for Stateless Resumption

Anthony Scarpino anthony.scarpino at oracle.com
Mon Jul 15 23:10:29 UTC 2019


On 7/8/19 10:00 AM, Xuelei Fan wrote:
> On 7/8/2019 9:06 AM, Anthony Scarpino wrote:
>> On 7/8/19 8:30 AM, Xuelei Fan wrote:
>>> Hi,
>>>
>>> A couple of comments.
>>>
>>> In the release note, "For TLS 1.3, stateless tickets use the existing 
>>> PSK resumption extension in RFC 8446[2]. TLS 1.3 will revert to the 
>>> session cache if the server property is false. "
>>>
>>> In CSR, "For TLS 1.3, stateless tickets use the existing PSK 
>>> resumption extension in (RFC 8446), which require no properties or 
>>> settings."
>>>
>>> The above two parts of information are not consistent.
>>
>> Correct, however, while 1.3 uses the existing ticekt mechanism for 
>> stateless and stateful without a property setting.  However the 
>> contents of that ticket do depend on the property.
>>
> I think for TLS 1.3, the contents of the ticket should be independent 
> from the property.  The property names 
> "jdk.tls.server.enableSessionTicketExtension" and 
> "jdk.tls.client.enableSessionTicketExtension" are about the ST 
> extension.  TLS 1.3 session resumption uses a different mechanism.
> 
> I may missed something.  Why you think the content of the ticket 
> depending on the property?
> 
> Thanks,
> Xuelei

The release notes have been changed and to reflect the planned not 
enabled by default state.

Tony


More information about the security-dev mailing list