shibboleth-dev - RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs
Subject: Shibboleth Developers
List archive
RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs
Chronological Thread
- From: "Cantor, Scott E." <>
- To: "" <>
- Subject: RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs
- Date: Wed, 9 Feb 2011 16:58:46 +0000
- Accept-language: en-US
> > Don't focus on sessionid, in SSL3 and later. Work with the channel binding
> > that cues off the finished messages (not the endpoint certs).
>
> Even if we understood how that would work, Java doesn't expose that
> message.
Actually, thinking about this, AFAIK, the server end of a bound TLS channel
has to be relying on the session ID to know that it's the same client anyway.
The Finished message is only there at the time the channel is bound, and
subsequent traffic has to be recognized as coming from the same client for it
to be useful. I don't think there's any other way to do that but the session
ID across separate TCP connections.
-- Scott
- [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Chad La Joie, 02/09/2011
- RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Rod Widdowson, 02/09/2011
- Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Kristof Bajnok, 02/09/2011
- Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Chad La Joie, 02/09/2011
- RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Cantor, Scott E., 02/09/2011
- Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Chad La Joie, 02/09/2011
- RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Peter Williams, 02/09/2011
- RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Cantor, Scott E., 02/09/2011
- Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Chad La Joie, 02/09/2011
- RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Peter Williams, 02/09/2011
- RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Cantor, Scott E., 02/09/2011
- RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Cantor, Scott E., 02/09/2011
- Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Bradley Schwoerer, 02/09/2011
- Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Cantor, Scott E., 02/09/2011
- Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Michael J. Wheeler, 02/09/2011
- Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Eric Norman, 02/09/2011
- Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Cantor, Scott E., 02/09/2011
- Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Kaspar Brand, 02/10/2011
- RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Cantor, Scott E., 02/10/2011
- Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Bradley Schwoerer, 02/09/2011
- RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Cantor, Scott E., 02/09/2011
- RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Cantor, Scott E., 02/09/2011
Archive powered by MHonArc 2.6.16.