
Transport Layer Security (TLS) Session Resumption without Server-Side State (RFC5077)

IP.com Disclosure Number: IPCOM000166863D
Original Publication Date: 2008-Jan-01
Included in the Prior Art Database: 2008-Jan-26
Document File: 21 page(s) / 42K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J. Salowey: AUTHOR [+4]

Abstract

This document describes a mechanism that enables the Transport Layer Security (TLS) server to resume sessions and avoid keeping per-client session state. The TLS server encapsulates the session state into a ticket and forwards it to the client. The client can subsequently resume a session using the obtained ticket. This document obsoletes RFC 4507.


Network Working Group                                         J. Salowey
Request for Comments: 5077                                       H. Zhou
Obsoletes: 4507                                            Cisco Systems
Category: Standards Track                                      P. Eronen
                                                                   Nokia
                                                           H. Tschofenig
                                                  Nokia Siemens Networks
                                                            January 2008

        Transport Layer Security (TLS) Session Resumption without
                            Server-Side State

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Abstract

   This document describes a mechanism that enables the Transport Layer
   Security (TLS) server to resume sessions and avoid keeping per-client
   session state.  The TLS server encapsulates the session state into a
   ticket and forwards it to the client.  The client can subsequently
   resume a session using the obtained ticket.  This document obsoletes
   RFC 4507.
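   The abstract leaves open what "encapsulates the session state into a
   ticket" has to mean in practice: the server must be able to hand the
   state to an untrusted client and later take it back without storing
   anything, so the ticket has to be both encrypted (it carries the master
   secret) and integrity-protected (a client must not be able to alter the
   cipher suite, identity or issue time).  The Go program below is an added
   worked example, not code from RFC 5077 or from the IP.com page.  It
   follows the ticket layout Section 4 of the RFC recommends (key_name,
   IV, length-prefixed AES-128-CBC ciphertext, HMAC-SHA-256 over all of
   the preceding fields); the SessionState field set, the TicketKey type,
   the map-based key ring, the key names and the 86400-second lifetime
   are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// TicketKey is one key-ring entry (an example type). The 16-byte name tells
// the server which key sealed a ticket, so it never trial-decrypts and can
// rotate keys while tickets sealed under an older key are still valid.
type TicketKey struct {
	Name   [16]byte
	AESKey [16]byte // AES-128-CBC
	MACKey [32]byte // HMAC-SHA-256
}

// SessionState is the per-client state the server hands to the client instead
// of storing. Its fields are an assumption; it encodes to a fixed 64 bytes, a
// whole number of AES blocks, so CBC needs no padding here.
type SessionState struct {
	Version, CipherSuite uint16
	MasterSecret         [48]byte
	Timestamp            uint32 // issue time, seconds since the epoch
	Reserved             [8]byte
}
const stateLen = 64 // binary.Size(SessionState{})

// NewTicketKey returns a key-ring entry with fresh random keys.
func NewTicketKey(name string) *TicketKey {
	k := &TicketKey{}
	copy(k.Name[:], name)
	rand.Read(k.AESKey[:])
	rand.Read(k.MACKey[:])
	return k
}

// SealTicket emits the layout RFC 5077 Section 4 recommends, key_name[16] ||
// iv[16] || uint16 length || encrypted_state || mac[32], with the HMAC over
// everything before it (encrypt-then-MAC), so the whole ticket is protected.
func SealTicket(k *TicketKey, s *SessionState) ([]byte, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	var pt bytes.Buffer
	binary.Write(&pt, binary.BigEndian, s)
	blk, _ := aes.NewCipher(k.AESKey[:]) // a 16-byte key cannot fail
	ct := make([]byte, stateLen)
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(ct, pt.Bytes())
	t := append(append(append([]byte{}, k.Name[:]...), iv...), byte(stateLen>>8), byte(stateLen))
	t = append(t, ct...)
	m := hmac.New(sha256.New, k.MACKey[:])
	m.Write(t)
	return m.Sum(t), nil
}

// OpenTicket looks the key up by name, verifies the MAC in constant time, only
// then decrypts, and finally enforces the lifetime; any error means a full handshake.
func OpenTicket(ring map[[16]byte]*TicketKey, t []byte, now, lifetime uint32) (*SessionState, error) {
	if len(t) != 34+stateLen+sha256.Size || int(t[32])<<8|int(t[33]) != stateLen {
		return nil, errors.New("bad ticket length")
	}
	var name [16]byte
	copy(name[:], t[:16])
	k, ok := ring[name]
	if !ok {
		return nil, errors.New("unknown key name")
	}
	body, mac := t[:len(t)-sha256.Size], t[len(t)-sha256.Size:]
	m := hmac.New(sha256.New, k.MACKey[:])
	m.Write(body)
	if !hmac.Equal(m.Sum(nil), mac) {
		return nil, errors.New("bad mac")
	}
	blk, _ := aes.NewCipher(k.AESKey[:])
	pt := make([]byte, stateLen)
	cipher.NewCBCDecrypter(blk, body[16:32]).CryptBlocks(pt, body[34:])
	s := &SessionState{}
	binary.Read(bytes.NewReader(pt), binary.BigEndian, s)
	if now < s.Timestamp || now-s.Timestamp > lifetime {
		return nil, errors.New("ticket expired")
	}
	return s, nil
}

func main() {
	k := NewTicketKey("key-2008-01")
	st := &SessionState{Version: 0x0302, CipherSuite: 0x002f, Timestamp: 1200000000}
	ticket, _ := SealTicket(k, st)
	got, err := OpenTicket(map[[16]byte]*TicketKey{k.Name: k}, ticket, st.Timestamp+3600, 86400)
	fmt.Println(len(ticket), err, got != nil && *got == *st) // 130 <nil> true
}
```

   Two practical points the code makes visible.  First, the MAC is checked
   before the ciphertext is touched, so a flipped bit anywhere in the
   ticket (or a truncated ticket, or an unknown key_name) is rejected
   without decrypting, and the server just performs a full handshake.
   Second, the ticket key is now the single secret protecting every
   resumable session's master secret: it must be kept as carefully as the
   server's private key and rotated, which is what the key_name field is
   for, so that a new key can be introduced while tickets sealed under the
   previous one are still honoured until they expire.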

 Salowey, et al.             Standards Track                     [Page 1]
 RFC 5077            Stateless TLS Session Resumption        January 2008

 Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3

   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  3

   3.  Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . .  3

     3.1.  Overview . . . . . . . . . . . . . . . . . . . . . . . . .  4

     3.2.  SessionTicket TLS Extension  . . . . . . . . . . . . . . .  7

     3.3.  NewSessionTicket Handshake Message . . . . . . . . . . . .  8

     3.4.  Interaction with TLS Session ID  . . . . . . . . . . . . .  9

   4.  Recommended Ticket Construction  . . . . . . . . . . . . . . . 10

   5.  Security Considerations  . . . . . . . . . . . . . . . . . . . 12

     5.1.  Invalidating S...