shibboleth-dev - Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs
Subject: Shibboleth Developers
- From: Bradley Schwoerer <>
- Subject: Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs
- Date: Wed, 09 Feb 2011 19:45:34 -0600
FWIW, Apple iOS products and most other mobile devices create a new TLS
session after short periods of time when on non-Wi-Fi connections. I have
seen my iOS devices change IP addresses when there is 30 seconds of network
idle time on AT&T's 3G network.
Bradley
On Feb 9, 2011, at 10:58 AM, "Cantor, Scott E." wrote:
>>> Don't focus on sessionid, in SSL3 and later. Work with the channel binding
>>> that cues off the finished messages (not the endpoint certs).
>>
>> Even if we understood how that would work, Java doesn't expose that
>> message.
>
> Actually, thinking about this, AFAIK, the server end of a bound TLS channel
> has to be relying on the session ID to know that it's the same client
> anyway. The Finished message is only there at the time the channel is
> bound, and subsequent traffic has to be recognized as coming from the same
> client for it to be useful. I don't think there's any other way to do that
> but the session ID across separate TCP connections.
>
> -- Scott
>