[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[TLS] Stateless TLS Session Resumption extension and EAP-FAST.
I apologize if this gets duplicated, I had the wrong address registered:
During some recent work incorporating EAP-FAST support into our TLS
stack I have discovered that the devices we use for testing are
violating the format of the stateless session ticket extension
definition per RFC-4507. In all instances I have seen, the whole
SessionTicket is preceded by a two-byte 'type' field, i.e. the
definition is really
struct {
uint16 type;
opaque ticket<0..2^16-1>;
} SessionTicket;
I don't know the size of deployments of EAP-FAST devices versus other
implementations using the session ticket extension, but it seems that
either RFC-4507 needs to be updated to reflect what is actually
implemented or perhaps the extension should be split into two.
Regards,
Jan Nordqvist
_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls