[TLS] RFC 4346 - TLS 1.2

Bob Relyea <rrelyea@redhat.com> Tue, 02 May 2006 18:30 UTC

Message-ID: <4457A4DE.9060209@redhat.com>
Date: Tue, 02 May 2006 11:28:46 -0700
From: Bob Relyea <rrelyea@redhat.com>
To: tls@ietf.org

The TLS 1.2 spec attempts to define more flexibility in the choice of 
hashing, and does fix a number of problems in 1.1 when wanting to use 
hash functions other than SHA-1 and MD5, however there appears to be 
wording left over from the 1.1 spec that seems to contradict this goal. 
Shouldn't this wording be removed or changed, or was it left in

Section 5 ... second paragraph:

HMAC can be used with a variety of different hash algorithms. TLS
uses it in the handshake with two different algorithms: MD5 and
SHA-1, denoting these as HMAC_MD5(secret, data) and HMAC_SHA(secret,
data). Additional hash algorithms can be defined by cipher suites and
used to protect record data, but MD5 and SHA-1 are hard coded into
the description of the handshaking for this version of the protocol.

Shouldn't the 'hard coded' wording be removed, or does TLS 1.2 initially
expect to continue to use MD5 and SHA-1 for the handshaking?
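
Added example, not part of the original message or of the draft text it quotes: a Python sketch of what "hard coded" means in the RFC 4346 handshake, where the PRF and the Finished computation fix MD5 and SHA-1, set beside a form that takes the hash as a parameter (the single-hash shape later published in RFC 5246). Function names and the sample secret and transcript are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample inputs (not real handshake data).
MASTER = bytes(range(48))
TRANSCRIPT = b"constructed handshake messages"


def p_hash(hash_name, secret, seed, length):
    """P_hash expansion: HMAC(secret, A(i) + seed) blocks, with A(0) = seed."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def prf_tls11(secret, label, seed, length):
    """RFC 4346 PRF: P_MD5 XOR P_SHA-1. Both hashes are fixed by the spec."""
    half = (len(secret) + 1) // 2  # the halves share the middle byte if odd
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


def finished_tls11(master_secret, transcript):
    """Finished verify_data in RFC 4346: MD5 and SHA-1 appear a second time."""
    seed = hashlib.md5(transcript).digest() + hashlib.sha1(transcript).digest()
    return prf_tls11(master_secret, b"client finished", seed, 12)


def prf_param(hash_name, secret, label, seed, length):
    """Single-hash PRF with the hash as a parameter instead of a constant."""
    return p_hash(hash_name, secret, label + seed, length)


def finished_param(hash_name, master_secret, transcript):
    """Finished verify_data where one chosen hash drives transcript and PRF."""
    seed = hashlib.new(hash_name, transcript).digest()
    return prf_param(hash_name, master_secret, b"client finished", seed, 12)


if __name__ == "__main__":
    print("fixed MD5+SHA-1:", finished_tls11(MASTER, TRANSCRIPT).hex())
    for name in ("sha256", "sha384"):
        print(name + ":", finished_param(name, MASTER, TRANSCRIPT).hex())
```
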


