Re: [TLS] Pull request for session hash

Eric Rescorla <ekr@rtfm.com> Fri, 07 November 2014 22:19 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE7B91A1B6B for <tls@ietfa.amsl.com>; Fri, 7 Nov 2014 14:19:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AXr0HQziA5RZ for <tls@ietfa.amsl.com>; Fri, 7 Nov 2014 14:19:06 -0800 (PST)
Received: from mail-wg0-f42.google.com (mail-wg0-f42.google.com [74.125.82.42]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A4111A1B58 for <tls@ietf.org>; Fri, 7 Nov 2014 14:19:06 -0800 (PST)
Received: by mail-wg0-f42.google.com with SMTP id k14so4715147wgh.15 for <tls@ietf.org>; Fri, 07 Nov 2014 14:19:04 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type; bh=HuFct/loCZpxxDu0CG83gqBrwqtaGjZUewQL7yzhOBg=; b=O7qo8le4IAUF4WjMuxBAs7etGyM/PbAsdZxTg/tpSRBcryosR9urAzrgCwRbczbh+S RoSckNFYOPdYzcOpj0/pxDAW8w0fGzlNyC4ZGtGqgpEH3ysQaActh8NFxhzrVrNAics7 Ro8vbY3UtKCTsjeTrtWwOTV7OgBwYPXXgm9LmpxFVrDB5IjqMNIdRC04kUYEp3vtxyD/ 33RUzB2P/0ddcKlJ3dUtrCuoC3ry82Cr2Sr2r2JNRDJBfOnH5MiGQ+molDzSgZkaERok m0AmHG1S4xTnF2WeE/RhAo2tFH4RpjQ+7x/0PN31IryB0PpL5fERTOtf5SUwbqP8c616 YiqQ==
X-Gm-Message-State: ALoCoQlB1HGDEpQ5UiyUeB7yBePGmTGMuVrglLAQx09PXjh3UYb6un+eke6WCslxp5FrQ3pSaN3R
X-Received: by 10.194.79.201 with SMTP id l9mr20422697wjx.59.1415398744868; Fri, 07 Nov 2014 14:19:04 -0800 (PST)
MIME-Version: 1.0
Received: by 10.216.49.198 with HTTP; Fri, 7 Nov 2014 14:18:24 -0800 (PST)
In-Reply-To: <CABcZeBNj2n-UM-qwVH8PSV+7MgS6kNxzqQZ20J3DtfZ8tLg9-Q@mail.gmail.com>
References: <CABcZeBNj2n-UM-qwVH8PSV+7MgS6kNxzqQZ20J3DtfZ8tLg9-Q@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 7 Nov 2014 14:18:24 -0800
Message-ID: <CABcZeBPKz3fubCYZHED0xtNoH_yqcjRxhYXi6T_FVkuPpZYQmw@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary=047d7bf0d0f6675f1905074c33ac
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/54ckReA041rpeiMFBb64J_nWvJw
Subject: Re: [TLS] Pull request for session hash
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Nov 2014 22:19:08 -0000

https://github.com/tlswg/tls13-spec/pull/89

On Fri, Nov 7, 2014 at 2:01 PM, Eric Rescorla <ekr@rtfm.com>; wrote:

> I've created a preliminary pull request to adapt the session hash fix for
> TLS 1.3
> for feedback from the WG.
>
> Points to note:
>
> - IMPORTANT: Because the initial handshake messages are encrypted
>   under separate keys from the application data traffic, it seems like we
> need
>   to have 2 sets of CCS messages or none. In anticipation of removing
>   renegotiation (see PR https://github.com/tlswg/tls13-spec/pull/88).
>   Based on conversations with Alfredo and Martin, it seemed easier
>   to remove them. Warning: analysis needed here.
>
> - I created a separate resumption master secret that is fed into the
>   key hierarchy. This makes the description of that simpler but will
>   need revisiting if we adopt either Rich's unification of session hash
>   and tickets or Karthik's PSK-as-tickets unification, but that seemed
>   like a separate issue.
>
> - If we adopt the Update proposal we will also need to split the master
>   keys into two directional keys, but that's distinct as well.
>
> - I still need to add the names of the session hash authors t
>   acknowledgements.
>
> This will probably need another revision before it is ready for merging,
> but
> I wanted to get it out there for feedback.
>
> -Ekr
>
>
>
>