RFC 5077 Quiz

TLS Session Tickets

🇺🇸 🇯🇵

0 / 0

References (URLs)

RFC 5077: Session Tickets and TLS Extensions

Goal: understand what a ticket is, who encrypts it, and what happens if keys leak.

Show explanation immediately Show all answers

Q1: A TLS session ticket is primarily used to

Multiple Choice

A. Replace certificate validation B. Enable plaintext HTTP C. Resume a prior session without server side session state

**Explanation:** **Correct (C):** Tickets allow the server to offload state into an encrypted blob the client can present later

Q2: Who protects the confidentiality and integrity of the ticket contents

Multiple Choice

A. The client encrypts the ticket with its private key B. The server encrypts and authenticates the ticket with a ticket key C. DNSSEC signs the ticket

**Explanation:** **Correct (B):** The server issues the ticket and must manage the keys used to protect it

Q3: A major operational risk of long lived ticket keys is

Multiple Choice

A. If the key leaks, past captured sessions may become decryptable depending on TLS version and configuration B. The key leak only affects future sessions C. Ticket keys cannot be rotated

**Explanation:** **Correct (A):** Ticket key compromise can undermine forward secrecy goals for resumed sessions **Related:** Key rotation and lifetime management matter

Q4: Good hygiene for session tickets includes (select all)

Multi-Select

A. Rotate ticket protection keys B. Limit ticket lifetime C. Ensure all relevant servers share keys if resumption across nodes is needed D. Store ticket keys in client side localStorage

**Explanation:** **Correct (A,B,C):** Tickets are a key management story, not just a performance story **Options:** - D (incorrect): Ticket keys are server secrets

Q5: A difference between server side session caches and tickets is

Multiple Choice

A. Tickets require UDP B. Tickets can be stateless for the server at the cost of managing ticket keys C. Tickets remove the need for TLS

**Explanation:** **Correct (B):** Server cache needs state storage, tickets move state to the client plus server key management

Q6: What do you call the encrypted blob the client stores to resume a TLS session

Short Text

**Explanation:** **Correct:** ticket or session ticket