Re: [TLS] Wrapping up cached info (and PRF WTF)

Nicolas Williams <Nicolas.Williams@oracle.com> Mon, 17 May 2010 20:46 UTC

Date: Mon, 17 May 2010 15:44:09 -0500
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: "Kemp, David P." <DPKemp@missi.ncsc.mil>
Message-ID: <20100517204409.GE9429@oracle.com>
References: <C816DA05.66DF%uri@ll.mit.edu> <4BF168A3.40409@extendedsubset.com> <AC1CFD94F59A264488DC2BEC3E890DE50A67C326@xmb-sjc-225.amer.cisco.com> <201005171945.o4HJjNtp008322@stingray.missi.ncsc.mil>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <201005171945.o4HJjNtp008322@stingray.missi.ncsc.mil>
User-Agent: Mutt/1.5.20 (2010-03-02)
Cc: tls@ietf.org
Subject: Re: [TLS] Wrapping up cached info (and PRF WTF)

On Mon, May 17, 2010 at 03:45:19PM -0400, Kemp, David P. wrote:
> >> [Nico] Paul Hoffman proposes an extension to add inputs to the
> >> Finished message computation.  There's no objection yet to Paul's
> >> proposal on the grounds you state.
> >
> > [Marsh] I'm not sure the discussion got that far, so it's not evidence
> > of much.
> 
> 
> Was this a verbal proposal?  Paul has submitted the following I-Ds:
> 
> draft-hoffman-tls-additional-random-ext-01  -- Additional Random
> Extension to TLS
> draft-hoffman-tls-master-secret-input-01    -- Additional Master Secret
> Inputs for TLS

draft-hoffman-tls-master-secret-input-01.

> but nothing that would add inputs to the Finished computation other than
> what was actually transmitted over the wire.

It changes the computation of the master secret, therefore it changes
the computation of the Finished message.

But none of that matters now because IMO the simplest fix here is to add
a handshake message that has a cryptographic hash of all the cached
objects' data -- or something along those lines.

Nico
--
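The point above, that the Finished value is a PRF over the master secret and the handshake transcript, so a cached object that is never sent on the wire is covered only if something derived from it enters one of those two inputs, as an added example that is not part of the thread. The PRF and Finished computation follow RFC 5246; the transcript layout, the `extra_input` placement in the master secret, and the certificate bytes are constructed stand-ins, not either draft's wire format.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion from RFC 5246 section 5."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes,
                  extra_input: bytes = b"") -> bytes:
    """RFC 5246 section 8.1. `extra_input` is a constructed stand-in for an
    additional master-secret input; where such input really goes is an assumption."""
    return prf(pre_master, b"master secret", client_random + server_random + extra_input, 48)


def client_finished(master: bytes, transcript: bytes) -> bytes:
    """RFC 5246 section 7.4.9: PRF(master, "client finished", Hash(handshake_messages))[0:12]."""
    return prf(master, b"client finished", hashlib.sha256(transcript).digest(), 12)


def finished_with_cached_cert(cert_bytes: bytes, bind_cached_hash: bool) -> bytes:
    """Constructed handshake in which the server certificate is cached and only a short
    reference to it is transmitted. With bind_cached_hash, a handshake message carrying
    SHA-256 of the cached object's bytes is added, so the Finished value depends on them."""
    client_random, server_random, pre_master = b"C" * 32, b"S" * 32, b"P" * 48
    transcript = b"ClientHello|" + client_random + b"|ServerHello|" + server_random + b"|CachedCertRef"
    if bind_cached_hash:
        transcript += b"|CachedObjectsHash|" + hashlib.sha256(cert_bytes).digest()
    transcript += b"|ClientKeyExchange"
    return client_finished(master_secret(pre_master, client_random, server_random), transcript)


# Constructed sample certificates: a substituted cached object should be detectable.
GOOD_CERT = b"-----CONSTRUCTED SERVER CERT A-----"
SWAPPED_CERT = b"-----CONSTRUCTED SERVER CERT B-----"
```

Without the binding message the two certificates yield identical Finished values; with it they differ, which is what the proposed hash-carrying handshake message buys.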