This document obsoletes RFC 4507 [RFC4507] to correct an error in the
encoding that caused the specification to differ from deployed
implementations. This update to RFC 4507 aligns the document with
this currently deployed implementations.
Working Group Summary
This document is an individual submission, and not the product of any
IETF working group.
Tim Polk reviewed this document for the IESG. Multiple implementations
of this specification exist.
Note to RFC Editor
- Section 3.1, next to last paragraph:
the server does not wish issue a new ticket and therefore does not ...
the server does not wish to issue a new ticket and therefore does not ...
- Section 3.2, third paragraph first sentence:
The server uses an zero-length SessionTicket extension to indicate to ...
The server uses a zero-length SessionTicket extension to indicate to ...
- Add to the end of Appendix A:
In addition this documents makes a few additional changes to RFC
o Clarifying that the server can allow session resumption using
a ticket without issuing a new ticket in section in Section 3.1
o Clarifying that the NewSessionTicket handshake message is
included in the hash generated for the Finished messages in Section 3.3
o Recommending the use of SHA-256 for the integrity protection
of the ticket in Section 4
o Clarifying that additional data can be included in the
StatePlaintext structure in Section 4
- In the authors' contact information for Hannes Tschofenig: