RFR: CSR for 8211018 Session Resumption without Server-Side State
Sean Mullan
sean.mullan at oracle.com
Thu May 23 20:04:01 UTC 2019
On 5/23/19 2:45 PM, Anthony Scarpino wrote:
>> For previous system properties that enable extensions, we have used a
>> boolean property with the naming convention
>> "jdk.tls.client.enable<ExtensionName" (for example
>> "jdk.tls.client.enableStatusRequestExtension", so we should probably
>> stick to that convention and call it
>> "jdk.tls.client.enableSessionTicketExtension" (with value true/false).
>
> In those other cases with "enable<ExtName>" are they never on by
> default. I don't have a problem with renaming it for consistency. But,
> when the property is enabled by default, it seems a bit funny
> wording-wise to have to use "j.t.c.enableSessionTicketExtension=false"
Maybe, I guess you are saying that at some point, we might flip the
default to being on. But if that were the case, I think it would be rare
for someone to turn it off (probably mostly for debugging) and (to me
anyway) the usage above doesn't seem so weird.
--Sean
More information about the security-dev
mailing list