Re: Issue 185: DTLS Session Resumption is optional
From: Scott Kelly (skellyarubanetworks.com)
Date: Tue, 16 Sep 2008 11:15:34 -0700 (PDT)
Pasi.Eronen wrote: 

> Scott Kelly wrote:
> 
> > > Why is this "some unique identifier" needed? (Normal apps using
> > > TLS -- which usually involves session resumption, too -- don't
> > > need any such identifier; session resumption is something that
> > > "just happens" when possible, and the app doesn't need to know
> > > about it.)
> > 
> > I think it's needed (along with special DTLS behavior) because of
> > the way it's used: normally, TLS session resumption happens _for the
> > same channel_, where the channel is identified by the 5-tuple
> > (saddr, daddr, proto, sport, dport). In the capwap case, we are
> > expecting DTLS to establish the control channel, and then to use
> > session resumption to establish 1 or more data channel sessions (QoS
> > requirements may dictate the need for more than one data channel),
> > each with their own unique 5-tuples.
> > 
> > Granted, this won't work with off-the-shelf DTLS implementations,
> > but I think the wg participants understand and accept this.
> 
> That's a good explanation, but you can't really figure it out
> from the text :-) How about something like this?
> 
> "Session resumption is typically used to establish the DTLS session
> used for the data channel. Since the data channel uses different port
> numbers than the control channel, the DTLS implementation on the WTP
> MUST provide an interface that allows the CAPWAP module to request
> attempting session resumption despite of the port number (TLS
> implementations usually attempt session resumption only when
> connecting to the same IP address and port number). "

Suggesting slightly revised text:

"Session resumption is typically used to establish the DTLS session
used for the data channel. Since the data channel uses different port
numbers than the control channel, the DTLS implementation on the WTP
MUST provide an interface that allows the CAPWAP module to request
session resumption despite the use of the different port numbers 
(TLS implementations usually attempt session resumption only when
connecting to the same IP address and port number)."

Pat may want to further wordsmith this to match the surrounding text
(which I don't have in front of me just now).

--Scott
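The distinction in the thread, as an added toy model that is not code from the CAPWAP specification or from any DTLS implementation: a session cache whose default lookup resumes only for the same 5-tuple (the "same IP address and port number" behaviour of ordinary TLS stacks), beside an explicit lookup by session ID that stands in for the interface the proposed text requires the WTP's DTLS module to expose. The addresses, port numbers and the `open_data_channel` helper are constructed for the example.

```python
# Added example, not from the thread or any DTLS stack: contrasts the
# default "same 5-tuple" resumption rule with an explicit request to
# resume a named session on a different data-channel 5-tuple.
import os
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class FiveTuple:
    saddr: str
    daddr: str
    proto: str
    sport: int
    dport: int


@dataclass
class DtlsSession:
    session_id: bytes      # identifier negotiated during the full handshake
    master_secret: bytes   # stand-in for the resumable keying material
    channel: FiveTuple     # the channel the full handshake ran on


class DtlsSessionCache:
    def __init__(self) -> None:
        self._by_id: Dict[bytes, DtlsSession] = {}
        self._by_channel: Dict[FiveTuple, DtlsSession] = {}

    def store(self, session: DtlsSession) -> None:
        self._by_id[session.session_id] = session
        self._by_channel[session.channel] = session

    def find_for_channel(self, channel: FiveTuple) -> Optional[DtlsSession]:
        """Default rule: resume only when a session already exists for
        exactly this 5-tuple (same peer address and port numbers)."""
        return self._by_channel.get(channel)

    def find_by_id(self, session_id: bytes) -> Optional[DtlsSession]:
        """The interface the thread asks for: the CAPWAP module names the
        session it wants resumed, so a different data-channel 5-tuple is
        acceptable."""
        return self._by_id.get(session_id)


def full_handshake(cache: DtlsSessionCache, channel: FiveTuple) -> DtlsSession:
    """Simulate a full DTLS handshake on `channel` and cache the result."""
    session = DtlsSession(os.urandom(32), os.urandom(48), channel)
    cache.store(session)
    return session


def open_data_channel(
    cache: DtlsSessionCache,
    data_channel: FiveTuple,
    capwap_requested_id: Optional[bytes] = None,
) -> Tuple[DtlsSession, str]:
    """Return the session used for the data channel and how it was obtained.

    Without `capwap_requested_id` the stack applies the default rule and,
    because the data channel has a different 5-tuple than the control
    channel, falls back to a full handshake. With it, the control-channel
    session is resumed despite the different port numbers.
    """
    if capwap_requested_id is not None:
        session = cache.find_by_id(capwap_requested_id)
    else:
        session = cache.find_for_channel(data_channel)
    if session is not None:
        return session, "resumed"
    return full_handshake(cache, data_channel), "full-handshake"


if __name__ == "__main__":
    cache = DtlsSessionCache()
    # Constructed sample channels: control on dport 5246, data on dport 5247.
    control = FiveTuple("10.0.0.2", "10.0.0.1", "udp", 40001, 5246)
    data = FiveTuple("10.0.0.2", "10.0.0.1", "udp", 40002, 5247)
    ctrl_session = full_handshake(cache, control)
    print(open_data_channel(cache, data)[1])                                 # full-handshake
    print(open_data_channel(cache, data, ctrl_session.session_id)[1])        # resumed
```

The default lookup never finds the control-channel session for the data channel's 5-tuple, which is why the text says off-the-shelf implementations will not do this; the explicit `find_by_id` path is the behaviour the WTP's DTLS module MUST expose to the CAPWAP module.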