shibboleth-dev - Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs
Subject: Shibboleth Developers
- From: Eric Norman <>
- To:
- Subject: Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs
- Date: Wed, 09 Feb 2011 22:23:03 -0600
On Feb 9, 2011, at 7:49 PM, Cantor, Scott E. wrote:
> On 2/9/11 8:45 PM, "Bradley Schwoerer"
> <>
> wrote:
>> FWIW, Apple iOS products and most other mobile devices create a new TLS
>> session after short periods of time when on non-wifi connections. I have
>> seen my iOS devices change IP addresses when there is 30 seconds of
>> network idle time on AT&T's 3G network.
>
> I don't know if an IP address change necessarily invalidates a cached SSL
> session. Guess I could read the RFC, but I'm not really that bored.
It shouldn't. The SSL notion of a session does not mean the same thing as a
TCP connection. It might be best to clarify when using the word "session".

It's best to think of the SSL session ID as just an identifier for the
symmetric key (shared secret) used for communication across the TCP connection.

In theory, if both parties remember the SSL session ID and associated key,
then the SSL session can be resumed later (like days later) without having to
repeat the SSL handshake and all the certificate rigamarole. After all, the
final result of an SSL handshake is that a shared secret is established to be
used for encryption.
Eric
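
Added example, not part of the message above or of the Shibboleth code: a simplified Python model (no real TLS or cryptography) of the server-side session cache the message describes, showing resumption from a new TCP connection and a different IP address, and a fresh session ID once the server has forgotten the old one. The class name `ToyTLSServer`, the 300-second lifetime and the addresses are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class ToyTLSServer:
    """Simplified model of a server-side SSL/TLS session cache (hypothetical, not real TLS)."""
    lifetime: int = 300  # seconds a cached session stays resumable (assumed value)
    cache: dict = field(default_factory=dict)  # session_id -> (master_secret, created_at)

    def handshake(self, client_addr, offered_id, now):
        """Return (session_id, master_secret, resumed) for one new TCP connection.

        client_addr is accepted but never consulted: the lookup key is the
        session ID alone, so a changed IP address or a fresh TCP connection
        does not by itself prevent resumption.
        """
        entry = self.cache.get(offered_id)
        if entry and now - entry[1] < self.lifetime:
            return offered_id, entry[0], True  # abbreviated handshake, same key
        # Unknown or expired ID: full handshake, new shared secret, new session ID.
        self.cache.pop(offered_id, None)
        session_id, secret = secrets.token_bytes(32), secrets.token_bytes(48)
        self.cache[session_id] = (secret, now)
        return session_id, secret, False


def demo():
    server = ToyTLSServer(lifetime=300)
    # Connection 1: constructed client address, no session ID to offer yet.
    sid1, key1, r1 = server.handshake("10.0.0.7", None, now=0)
    # Connection 2: new TCP connection from a different address, same session ID.
    sid2, key2, r2 = server.handshake("10.0.9.42", sid1, now=60)
    # Connection 3: the server no longer remembers the session (lifetime exceeded).
    sid3, key3, r3 = server.handshake("10.0.9.42", sid1, now=1000)
    return (r1, r2, r3), sid1 == sid2, key1 == key2, sid3 != sid1


if __name__ == "__main__":
    print(demo())
```

The third connection is the case that matters for application sessions: the user is the same, but the identifier changed because one side dropped the cached key.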