New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Define a lifetime for DTLS session #617
Comments
https://tools.ietf.org/html/rfc5246#appendix-F.1.4
So very first, we should define, if this applies to "Resuming Sessions" or also to "connections". Though
seems to remove not only sessions, when they are tried to be resumed, it removes also "connections". Therefore I would guess, that this may have some "unwanted side effects". One I see, is that in cases of "expired connections", terminating the connection is not longer indicated to the other peer. |
It was obvious to me that when a session expired, correlated connections expired too. So, I looked deeper on this and I didn't find clear resource about that but now I was not so sure anymore...
Here a discussion about "why a session cache lifetime ?" So, what should we do ? Define 1 lifetime for session and 1 lifetime for connection ? |
Yes, I would go for two values (0 for disabled and NO "<" defined relation between the two values). |
I am not sure if I can follow. Looking at it from a server's perspective, I would argue that it is irrelevant whether a session is established and in use or whether it is resumed by a client at a later time. My understanding of the spec is that the lifetime of the session ID of the established session must/should not exceed 24h. Based on that I would think that the server terminates an established session once it has exceeded the limit and also reject attempts from clients to resume the session. The latter could be implemented by simply evicting all of the connection's state from the ConnectionStore. Or am I mistaken? |
I was understanding the same but after the @boaks' remarks I made some research and I concluded that this should probably not be interpreted in that way. (see all the links in #617 (comment))
Session ID/master_secret is about "impersonate a master_secret" and so this only about session resumption. I found nothing about a connection lifetime, but this seems clear that a long lived connection could introduce some issue about security especially about credentials expirations. So, we conclude that maybe this makes more sense to define 2 lifetime (one for connections and one for sessions ID/Session Ticket) I see benefits about that from a client perspective, this ensure that a connection established will not be closed some seconds later. |
I guess, the issue with TLS is, that caused by IDLE timeouts or other stuff, the TCP connection is terminated anyway and mostly earlier. Additionally, even, if you can access the connection "secrets", it would be hard to use them outside that TCP connection. Therefore the "connection secrets" seems to be not of interest in TLS. |
Just to mention: |
The lifetime of an established session currently has an upper boundary determined by the session's sequenceNumber counter. Once it has reached 2^48-1 the DTLSSession.getSequenceNumber() method throws an IllegalStateException. However, this exception is not caught anywhere and thus does not lead to the termination of the session, which I believe it should. I do agree, though, that it makes sense to disallow the resumption of a session based on a configurable maximum session age and use 24h as the default. |
In my opinion, this limits the "connection", because "resuming" a session would reset that sequence number.
As long as it is implemented configurable, I'm OK with it, even, if I belief, as written above, that for devices the security in too many cases will not be increased, as long as credentials and "master secret" are not handled different. |
It seems not right to me :
|
Just to say, I'm not against such a timeout, but FMPOV it's wrong to tell the people, that this will make a device more save. |
I get it, but if we agree this is useless this is even better to do nothing :-D, so I try to have a more accurate view about that. My vision for now :
|
My vision: The degree of security is mostly complex :-).
So in my opinion, it is left to the client to "terminate" sessions/connections on his level of security. |
here a discussion about session ticket lifetime in TLS 1.3 |
I would like to re-talk/re-work about this feature. I read this discussion again and I'm still not sure about the direction we should go... (not for 2.0.0-M15 :)) It seems there are 4 options :
By the way I add this paper, which talks a little bit about session lifetime and PFS. |
Does it means you think that 4 is the better option ? |
Yes, I think 4 is the better option. |
Should we close this issue ?
(from : #1007) |
The "cache" is used for too different things. |
I try to resume : Regarding RFCs and discussion above, we have 2 main concepts : connection and session. Each one could have a lifetime. With current implementation : 1. If Session cache is NOT used. Session and connection lifetime are tied. You can implement a kind of session lifetime using new You can not really implement a connection lifetime because you don't know the connection creation time. If we have this data, we could implement a kind of connection lifetime but killing the connection will also kill the session. 2. If Session cache is used. Session and connection lifetime are separated. "cache" will probably used persistent technology (database/redis), so it makes sense to me that the store handles "expiration" itself. You can implement a real session lifetime using your own You can not really implement a connection lifetime because you don't know the connection creation time. If we have this data, we could implement a real connection lifetime with Do I well understand ? |
The DTLSSession has a
I think, that's the connection/association time. |
Just to mention: |
Hibernating. |
The TLS 1.2 spec says: "An upper limit of 24 hours is suggested for session ID lifetimes, since an attacker who obtains a master_secret may be able to impersonate the compromised party until the corresponding session ID is retired."
We should implement this lifetime, making it configurable and setting it by default to 24h.
A short term solution could be to make
DTLSConnector(final DtlsConnectorConfig configuration, final ResumptionSupportingConnectionStore connectionStore)
public. This way anyone could implement its own store and so add session/connection lifetime.(This seems to be a community needs)
The text was updated successfully, but these errors were encountered: