You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
warp-tls now uses Network.TLS.SessionManager. The motivation which I implemented this module is to allow early data (0RTT) of TLS 1.3. It requires that session information is used only once to prevent replay attacks. For this purpose, sessionResumeOnlyOnce ofSessionManager was introduced in tls. And in-memory manager was required to check the only-once policy.
However, memory usage of the session manager is more expensive than I imagined. So, I would like to implement the approach of session tickets which can off-load the session information to clients. With this approach, we should give up the early data. This is trade-off:
Session manager: much memory but can use early data
Session tickets: very little memory but cannot use early data
So, I'm planning to let warp-tls users to choose either the session manager or the session tickets. Probably, we should discuss which one should be the default.
The text was updated successfully, but these errors were encountered:
warp-tls
now usesNetwork.TLS.SessionManager
. The motivation which I implemented this module is to allow early data (0RTT) of TLS 1.3. It requires that session information is used only once to prevent replay attacks. For this purpose,sessionResumeOnlyOnce
ofSessionManager
was introduced intls
. And in-memory manager was required to check the only-once policy.However, memory usage of the session manager is more expensive than I imagined. So, I would like to implement the approach of session tickets which can off-load the session information to clients. With this approach, we should give up the early data. This is trade-off:
So, I'm planning to let warp-tls users to choose either the session manager or the session tickets. Probably, we should discuss which one should be the default.
The text was updated successfully, but these errors were encountered: