Re: [Cfrg] TLS PRF security proof?

"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Wed, 09 July 2014 09:03 UTC

From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: Andy Lutomirski <luto@amacapital.net>, Dan Brown <dbrown@certicom.com>
Thread-Topic: [Cfrg] TLS PRF security proof?
Date: Wed, 09 Jul 2014 09:03:39 +0000
Message-ID: <CFE2C12F.2625C%kenny.paterson@rhul.ac.uk>
References: <810C31990B57ED40B2062BA10D43FBF5CB648D@XMB116CNC.rim.net> <CALCETrVekyPJeUdEReZ8L8zqrP5UOgHR4+MkYtNt2FFFdmMVew@mail.gmail.com>
In-Reply-To: <CALCETrVekyPJeUdEReZ8L8zqrP5UOgHR4+MkYtNt2FFFdmMVew@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/_obqMbWnExumYBj_UZ-qPdjGJXs
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] TLS PRF security proof?

Andy,

On 08/07/2014 20:24, "Andy Lutomirski" <luto@amacapital.net> wrote:

>On Tue, Jul 8, 2014 at 12:19 PM, Dan Brown <dbrown@certicom.com> wrote:
>>
>> Dear CFRG list,
>>
>> Is there a published security proof for the current TLS PRF in the
>> draft TLS 1.3?
>>
>
>Would it be useful if CFRG were to publish a recommended PRF?  Perhaps
>something using a modern hash function combiner using (HMAC-)SHA-512
>and either SHA-3 or something from the Salsa/ChaCha family as the
>base?

I think this could be a useful activity for CFRG to take on, given the
widespread use of PRFs in IETF protocols - having a reference algorithm
for future protocol designers to use would be a good thing.

So I think the CFRG chairs would want to consider sponsoring any serious
effort in this direction.

On the other hand, CFRG is not really in the business of developing new
crypto from scratch (at least, that's my reading of the CFRG charter).

My first question, then, would be: are there any volunteers on the list
who are willing to dedicate some cycles to assessing the current state of
the art, as represented by existing RFCs and standards?

What is already out there that we could conveniently borrow from? Does
HMAC with a strong hash function already do the job, for example?

Cheers

Kenny