[TLS] Pull request for session hash
Eric Rescorla <ekr@rtfm.com> Fri, 07 November 2014 22:02 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/30O7AEXDrZw19inkm-QgIIvtsbM

I've created a preliminary pull request to adapt the session hash fix for TLS 1.3 for feedback from the WG. Points to note:

- IMPORTANT: Because the initial handshake messages are encrypted under separate keys from the application data traffic, it seems like we need to have 2 sets of CCS messages or none. In anticipation of removing renegotiation (see PR https://github.com/tlswg/tls13-spec/pull/88). Based on conversations with Alfredo and Martin, it seemed easier to remove them. Warning: analysis needed here.

- I created a separate resumption master secret that is fed into the key hierarchy. This makes the description of that simpler but will need revisiting if we adopt either Rich's unification of session hash and tickets or Karthik's PSK-as-tickets unification, but that seemed like a separate issue.

- If we adopt the Update proposal we will also need to split the master keys into two directional keys, but that's distinct as well.

- I still need to add the names of the session hash authors to acknowledgements.

This will probably need another revision before it is ready for merging, but I wanted to get it out there for feedback.

-Ekr