Fast-Track Session Establishment for TLS
نویسندگان
چکیده
We propose a new, “fast-track” handshake mechanism for TLS. A fast-track client caches a server’s public parameters and negotiated parameters in the course of an initial, enabling handshake. These parameters need not be resent on subsequent handshakes. The new mechanism reduces both network traffic and the number of round trips, and requires no additional server state. These savings are most useful in high latency environments such as wireless networks. We include a rollback mechanism to allow a server to gracefully revert to an ordinary TLS handshake when needed. Our design is fully backwards compatible: fast-track clients can interoperate with servers unaware of fast-track and vise versa. We have implemented our proposal to demonstrate the savings in network traffic and round trips.
منابع مشابه
RFC 4507 Stateless TLS Session
This document describes a mechanism that enables the Transport Layer Security (TLS) server to resume sessions and avoid keeping per-client session state. The TLS server encapsulates the session state into a ticket and forwards it to the client. The client can subsequently resume a session using the obtained ticket. Salowey, et al. Standards Track [Page 1] RFC 4507 Stateless TLS Session Resumpti...
متن کاملConnection-Oriented Media Transport over the Transport Layer Security (TLS) Protocol in the Session Description Protocol (SDP)
This document specifies how to establish secure connection-oriented media transport sessions over the Transport Layer Security (TLS) protocol using the Session Description Protocol (SDP). It defines a new SDP protocol identifier, ’TCP/TLS’. It also defines the syntax and semantics for an SDP ’fingerprint’ attribute that identifies the certificate that will be presented for the TLS session. This...
متن کاملRFC 4572 Comedia over TLS in SDP
This document specifies how to establish secure connection-oriented media transport sessions over the Transport Layer Security (TLS) protocol using the Session Description Protocol (SDP). It defines a new SDP protocol identifier, ’TCP/TLS’. It also defines the syntax and semantics for an SDP ’fingerprint’ attribute that identifies the certificate that will be presented for the TLS session. This...
متن کاملSSL/TLS Session-Aware User Authentication: A Lightweight Alternative to Client-Side Certificates
Many SSL/TLS-based e-commerce applications employ traditional authentication mechanisms on the client side. These mechanisms—if decoupled from SSL/TLS session establishment—are vulnerable to man-in-the-middle attacks. In this article, we examine the feasibility of such attacks, survey countermeasures, and explain the rationale behind SSL/TLS session-aware user authentication as a lightweight an...
متن کاملTransport Layer Security (TLS) Session Resumption without Server-Side State
Status of This Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Abstract This document describes a mechan...
متن کامل