[PATCH] session ticket support

Simon Josefsson simon at josefsson.org
Tue Aug 4 15:21:29 CEST 2009

Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

> On Tue, Aug 4, 2009 at 2:59 PM, Simon Josefsson<simon at josefsson.org> wrote:
>> If we use our own pack/unpack format, it won't be possible to set up TLS
>> load-balancing between GnuTLS and some other implementation that accepts
>> session tickets in another format.  Maybe that is a minor issue, but it
>> could come up.  Or is there some other reason why that setup would never
>> work anyway?
> No, not really :) Especially since the RFC ticket format is
> underdefined (several parts are missing).

Yes, and I suspect it is impossible to fully describe a format that
covers all TLS extensions.  What could be done to improve the current
document is to allow type=value extensibility to let implementations
store additional parameters.  As the spec progresses, it can be improved
to specify some of the implementation-specific type=value fields.
Implementations that don't support a particular type=value attribute
can ignore it, and there could be better interoperability when using TLS
load-balancing.  If the document was designed this way, we could change
GnuTLS pack/unpack format to use the core format and then add the
non-standard parameters as extended type=value fields.

> If there will ever be some standard format we can switch our internal
> format and solve that issue, and in addition our DBs will be readable
> by others via memcached etc.
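
The type=value extensibility proposed in the message above, sketched as an added example (not code from the thread or from GnuTLS): the record layout (1-byte type, 2-byte big-endian length, value) and the two field types are hypothetical, and the input is assumed to be ticket state that has already been decrypted and authenticated. Unknown types are skipped, while truncated, oversized or duplicate fields are rejected.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical field types; not defined by the RFC or by GnuTLS. */
enum { F_CIPHER_SUITE = 1, F_MASTER_SECRET = 2 };

struct ticket_state {
    uint8_t cipher_suite[2], master_secret[48];
    int have_suite, have_secret;
    unsigned skipped;               /* fields whose type we do not know */
};

/* Copy a fixed-size field once; reject wrong sizes and duplicates. */
static int take(uint8_t *dst, size_t want, int *seen, const uint8_t *v, size_t vlen)
{
    if (vlen != want || *seen) return -1;
    memcpy(dst, v, vlen);
    *seen = 1;
    return 0;
}

/* Parse already decrypted and authenticated state: repeated records of
 * (type: 1 byte, length: 2 bytes big-endian, value). 0 = ok, -1 = reject. */
int parse_ticket_state(const uint8_t *buf, size_t len, struct ticket_state *st)
{
    size_t pos = 0;
    memset(st, 0, sizeof(*st));
    while (pos < len) {
        int rc = 0;
        if (len - pos < 3) return -1;           /* truncated record header */
        uint8_t type = buf[pos];
        size_t vlen = ((size_t)buf[pos + 1] << 8) | buf[pos + 2];
        pos += 3;
        if (vlen > len - pos) return -1;        /* value runs past the buffer */
        if (type == F_CIPHER_SUITE)
            rc = take(st->cipher_suite, 2, &st->have_suite, buf + pos, vlen);
        else if (type == F_MASTER_SECRET)
            rc = take(st->master_secret, 48, &st->have_secret, buf + pos, vlen);
        else
            st->skipped++;                      /* unknown attribute: ignore it */
        if (rc != 0) return -1;
        pos += vlen;
    }
    /* Core fields are mandatory even when extensions are present. */
    return (st->have_suite && st->have_secret) ? 0 : -1;
}
```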


