
RE: [TLS] Stateless TLS Session Resumption extension and EAP-FAST.



Hi Jan,

You are correct, there is an issue with the current implementation.  Thanks
for pointing this out.  Details follow:

Current EAP-FAST implementations do not format the extension correctly
per the spec.  They leave out one of the length fields.

EAP-FAST implementation:

      struct {
          uint16 extensionType;
          opaque ticket<0..2^16-1>;
      } SessionTicketExtension;

Example encoding: 00 23 LL LL TT TT TT ...

LL - ticket length
TT - ticket

RFC4507:

>     struct {
>        opaque ticket<0..2^16-1>;
>     } SessionTicket;
>
>    struct {
>        uint16 extensionType;
>        opaque SessionTicket<0..2^16-1>;
>    } SessionTicketExtension;
>

Example encoding: 00 23 LN LN LL LL TT TT TT....

LN - length of ticket + 2 bytes (i.e. the length of the whole SessionTicket struct)

Joe 

> -----Original Message-----
> From: Jan Nordqvist [mailto:jnordqvist@xxxxxxxxxxxxxxxxxx] 
> Sent: Thursday, March 01, 2007 11:52 AM
> To: tls@xxxxxxxx
> Subject: [TLS] Stateless TLS Session Resumption extension and 
> EAP-FAST.
> 
> I apologize if this gets duplicated, I had the wrong address 
> registered:
> 
> During some recent work incorporating EAP-FAST support into 
> our TLS stack I have discovered that the devices we use for 
> testing are violating the format of the stateless session 
> ticket extension definition per RFC-4507. In all instances I 
> have seen, the whole SessionTicket is preceded by a two-byte 
> 'type' field, i.e. the definition is really
> 
> struct {
>     uint16 type;
>     opaque ticket<0..2^16-1>;
> } SessionTicket;
> 
> I don't know the size of deployments of EAP-FAST devices 
> versus other implementations using the session ticket 
> extension, but it seems that either RFC-4507 needs to be 
> updated to reflect what is actually implemented or perhaps 
> the extension should be split into two.
> 
> Regards,
> Jan Nordqvist
> 
> 
> _______________________________________________
> TLS mailing list
> TLS@xxxxxxxxxxxxxx
> https://www1.ietf.org/mailman/listinfo/tls
> 

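The two wire layouts compared in the thread, as an added example that is not code from either poster or from any EAP-FAST or TLS implementation. It encodes a ticket both ways (the RFC 4507 layout with the nested length, and the deployed EAP-FAST layout with the inner length omitted), parses the outer extension header with explicit bounds checks, and decodes the ticket under a dialect the caller states up front. The helper names, the `SESSION_TICKET_EXT_TYPE` constant (taken from the `00 23` in the hex examples above) and the sample ticket bytes are assumptions; the last function shows why a decoder should not try to guess the dialect from the bytes alone.

```python
"""Encoders and a strict decoder for the two SessionTicket extension layouts.

Added example, not code from the thread.  Names, constant and sample bytes
are assumptions made for illustration.
"""
import struct

SESSION_TICKET_EXT_TYPE = 0x0023  # the "00 23" in the thread's hex examples

# Constructed sample ticket; real tickets are opaque, server-encrypted blobs.
SAMPLE_TICKET = bytes.fromhex("deadbeef0102030405")


def encode_rfc4507(ticket: bytes) -> bytes:
    """type | LN LN | LL LL | ticket, with LN = LL + 2 (the thread's RFC 4507 form)."""
    if len(ticket) > 0xFFFF - 2:
        raise ValueError("ticket too long for a 16-bit inner length plus header")
    session_ticket = struct.pack("!H", len(ticket)) + ticket
    return struct.pack("!HH", SESSION_TICKET_EXT_TYPE, len(session_ticket)) + session_ticket


def encode_eapfast(ticket: bytes) -> bytes:
    """type | LL LL | ticket: the deployed EAP-FAST form, inner length omitted."""
    if len(ticket) > 0xFFFF:
        raise ValueError("ticket too long for a 16-bit length")
    return struct.pack("!HH", SESSION_TICKET_EXT_TYPE, len(ticket)) + ticket


def split_extension(data: bytes):
    """Parse one outer extension header; return (ext_type, extension_data, rest).

    The length is checked against what is actually present so a short or
    oversized field can never alias into whatever follows the extension.
    """
    if len(data) < 4:
        raise ValueError("extension header truncated")
    ext_type, ext_len = struct.unpack("!HH", data[:4])
    body = data[4:4 + ext_len]
    if len(body) != ext_len:
        raise ValueError("extension_data truncated: declared %d, have %d" % (ext_len, len(body)))
    return ext_type, body, data[4 + ext_len:]


def decode_ticket(ext_data: bytes, eap_fast: bool) -> bytes:
    """Decode extension_data under a dialect the caller already knows.

    eap_fast=True  -> extension_data is the ticket itself.
    eap_fast=False -> extension_data is LL LL | ticket and LL must equal
                      len(extension_data) - 2 exactly.
    """
    if eap_fast:
        return ext_data
    if len(ext_data) < 2:
        raise ValueError("SessionTicket inner length missing")
    (inner_len,) = struct.unpack("!H", ext_data[:2])
    if inner_len != len(ext_data) - 2:
        raise ValueError("inner length %d does not match %d bytes of payload"
                         % (inner_len, len(ext_data) - 2))
    return ext_data[2:]


def parse_session_ticket_extension(data: bytes, eap_fast: bool) -> bytes:
    """Outer header plus inner decode in one call; rejects other extension types."""
    ext_type, ext_data, rest = split_extension(data)
    if ext_type != SESSION_TICKET_EXT_TYPE:
        raise ValueError("not a SessionTicket extension: type 0x%04x" % ext_type)
    if rest:
        raise ValueError("%d trailing bytes after the extension" % len(rest))
    return decode_ticket(ext_data, eap_fast)


def looks_like_rfc4507(ext_data: bytes) -> bool:
    """True when extension_data happens to parse as valid RFC 4507.

    Every EAP-FAST extension_data is a valid EAP-FAST ticket, so a decoder
    that "sniffs" the dialect is deciding purely on whether the first two
    bytes equal the remaining length.  An EAP-FAST ticket whose first two
    bytes happen to have that value would be silently shortened by two
    bytes, which is why the dialect must come from context, not the bytes.
    """
    try:
        decode_ticket(ext_data, eap_fast=False)
    except ValueError:
        return False
    return True
```

Both encoders reproduce the hex layouts given in the reply (`00 23 LL LL TT ...` versus `00 23 LN LN LL LL TT ...`). The decoder deliberately takes the dialect as a parameter: a stack that has to interoperate with EAP-FAST peers should select the layout from the negotiated EAP method rather than from the ticket bytes.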