[PATCH] session ticket support
Simon Josefsson
simon at josefsson.org
Tue Aug 4 15:21:29 CEST 2009
Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
> On Tue, Aug 4, 2009 at 2:59 PM, Simon Josefsson<simon at josefsson.org> wrote:
>
>> If we use our own pack/unpack format, it won't be possible to set up TLS
>> load-balancing between GnuTLS and some other implementation that accepts
>> session tickets on another format. Maybe that is a minor issue, but it
>> could come up. Or is there some other reason why that setup would never
>> work anyway?
>
> No not really :) Especially since the RFC ticket format is
> underdefined (several parts are missing).
Yes, and I suspect it is impossible to fully describe a format that
covers all TLS extensions. What could be done to improve the current
document is to allow type=value extensibility to let implementations
store additional parameters. As the spec progress, it can be improved
to specify some of the implementation-specific type=value fields.
Implementations that doesn't support a particular type=value attribute
can ignore it, and there could be better interoperability when using TLS
load-balancing. If the document was designed this way, we could change
GnuTLS pack/unpack format to use the core format and then add the
non-standard parameters as extended type=value fields.
> If there will ever be some standard format we can switch our internal
> format and solve that issue, and in addition our DBs will be readable
> by others via memcached etc.
Right.
/Simon