There are already multiple ways to set session tickets but they all require key material. At Cloudflare we want to use a remote Keyless-style system.
I suggest the following interface.
```go
type SessionTicketWrapper interface {
	// Wrap returns a session ticket value that can be later passed to Unwrap
	// to recover the content, usually by encrypting it. The ticket will be sent
	// to the client to be stored, and will be sent back in plaintext, so it can
	// be read and modified by an attacker.
	Wrap(cs *ConnectionState, content []byte) (ticket []byte, err error)

	// Unwrap returns a session ticket's contents. The ticket can't be assumed
	// to have been generated by Wrap.
	// If unable to unwrap the ticket, the connection will proceed with a
	// complete handshake.
	Unwrap(chi *ClientHelloInfo, ticket []byte) (content []byte, success bool)
}
```
crypto/tls would be responsible for serializing and deserializing the session state.
This works cleanly with TLS 1.3 PSK, too, but I wonder if we will need more stuff in the interface to allow it to do replay protection, too.
/cc @Bren2010 @agl
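A local implementation of the interface proposed above, as an added example that is not part of the original post or of crypto/tls. `aeadWrapper` and `newAEADWrapper` are hypothetical names, and AES-GCM with a locally held key stands in for the remote Keyless-style key holder; it shows Unwrap rejecting any ticket that was not produced by Wrap.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/tls"
	"fmt"
)

// SessionTicketWrapper is the interface proposed above; it is not a crypto/tls API.
type SessionTicketWrapper interface {
	Wrap(cs *tls.ConnectionState, content []byte) (ticket []byte, err error)
	Unwrap(chi *tls.ClientHelloInfo, ticket []byte) (content []byte, success bool)
}
// aeadWrapper (hypothetical) keeps the key locally; a remote system would proxy Seal/Open.
type aeadWrapper struct{ aead cipher.AEAD }
func newAEADWrapper(key []byte) (*aeadWrapper, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &aeadWrapper{aead}, err
}
// Wrap returns nonce || ciphertext || tag, using a fresh random nonce per ticket.
func (w *aeadWrapper) Wrap(_ *tls.ConnectionState, content []byte) ([]byte, error) {
	nonce := make([]byte, w.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return w.aead.Seal(nonce, nonce, content, nil), nil
}
// Unwrap treats the ticket as attacker-controlled: short, modified or foreign tickets fail.
func (w *aeadWrapper) Unwrap(_ *tls.ClientHelloInfo, ticket []byte) ([]byte, bool) {
	n := w.aead.NonceSize()
	if len(ticket) < n+w.aead.Overhead() {
		return nil, false
	}
	content, err := w.aead.Open(nil, ticket[:n], ticket[n:], nil)
	return content, err == nil
}

func main() {
	w, _ := newAEADWrapper(make([]byte, 32)) // constructed all-zero demo key
	t, _ := w.Wrap(nil, []byte("session state"))
	_, ok := w.Unwrap(nil, append(t, 0)) // ticket modified in transit
	fmt.Println("modified ticket accepted:", ok)
}
```

A failed Unwrap only reports `success == false`, which matches the proposal's fallback to a complete handshake. The example does not address the TLS 1.3 replay question raised in the post.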