Implementing session tickets #784

Open
kazu-yamamoto opened this issue Dec 17, 2019 · 1 comment

@kazu-yamamoto

warp-tls now uses Network.TLS.SessionManager. The motivation for which I implemented this module is to allow early data (0RTT) of TLS 1.3. It requires that session information is used only once to prevent replay attacks. For this purpose, sessionResumeOnlyOnce of SessionManager was introduced in tls. And an in-memory manager was required to check the only-once policy.

However, memory usage of the session manager is more expensive than I imagined. So, I would like to implement the approach of session tickets which can off-load the session information to clients. With this approach, we should give up the early data. This is a trade-off:

  • Session manager: much memory but can use early data
  • Session tickets: very little memory but cannot use early data

So, I'm planning to let warp-tls users choose either the session manager or the session tickets. Probably, we should discuss which one should be the default.

@kazu-yamamoto kazu-yamamoto self-assigned this Dec 17, 2019
@vdukhovni

FWIW, I agree that early data is not worth it. Use session tickets.
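
A minimal model of the trade-off discussed in this thread, as an added example that is not part of the original issue and is not warp-tls or tls code. The class names, the sample session data and the HMAC-only ticket format are assumptions made for illustration (a real ticket is also encrypted and carries a lifetime); the point is that only-once resumption needs per-session server memory, while a stateless ticket cannot tell a replay from a first use.

```python
import hashlib
import hmac
import json
import secrets


class OnlyOnceSessionStore:
    """Hypothetical server-side manager: each session resumes at most once."""

    def __init__(self):
        self._sessions = {}  # session id -> session data, held in server memory

    def establish(self, data):
        session_id = secrets.token_bytes(32)
        self._sessions[session_id] = data
        return session_id

    def resume_only_once(self, session_id):
        # pop() looks up and deletes in one step, so a replayed id finds nothing.
        return self._sessions.pop(session_id, None)

    def entries(self):
        # Memory cost grows with the number of sessions not yet resumed.
        return len(self._sessions)


class StatelessTicketIssuer:
    """Hypothetical ticket issuer: session data travels inside the ticket."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # the only state the server keeps

    def issue(self, data):
        body = json.dumps(data, sort_keys=True).encode()
        tag = hmac.new(self._key, body, hashlib.sha256).digest()
        return tag + body  # assumed format: 32-byte tag followed by the data

    def resume(self, ticket):
        tag, body = ticket[:32], ticket[32:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # forged or corrupted ticket
        # A valid ticket is accepted every time it is presented: with no
        # per-session record there is nothing to mark as already used.
        return json.loads(body)
```
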
