Re: [TLS] Constant Finished (was Re: Kill Finished)
Martin Thomson <martin.thomson@gmail.com> Mon, 21 April 2014 18:54 UTC
On 20 April 2014 13:21, Watson Ladd <watsonbladd@gmail.com> wrote:
> Suppose ALPN wasn't authenticated, and the
> same string could have two different meanings under two different
> protocols. The right answer is never to remove properties TLS provides
> today.

I certainly have a use case that depends on ALPN being protected by the handshake. And I think that Watson's more generally right here.

The basic guarantee is that the entire handshake is covered, either by Finished (as in TLS 1.2 and earlier), or by using it as input to the PRF (as Watson has proposed).
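Added illustration of the two mechanisms contrasted in this message (not code from the thread): a TLS 1.2 PRF and Finished computation alongside a derivation that feeds the transcript hash into the master secret, run against a constructed handshake in which only the ALPN value differs. The transcript bytes are a stand-in, not a real capture, and the "transcript as PRF input" variant is modelled on the extended master secret construction of RFC 7627, which is an assumption about the shape of Watson's proposal.

```python
import hashlib
import hmac


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246 section 5): P_SHA256 over label || seed."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()           # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(A(i) || seed)
    return out[:length]


def alpn_extension(protocols: list) -> bytes:
    """RFC 7301 ALPN extension: type 16, then a length-prefixed ProtocolNameList."""
    names = b"".join(len(p).to_bytes(1, "big") + p for p in protocols)
    body = len(names).to_bytes(2, "big") + names
    return b"\x00\x10" + len(body).to_bytes(2, "big") + body


def transcript_hash(alpn: bytes) -> bytes:
    # Constructed stand-in for the concatenated handshake messages; only the
    # ALPN extension varies between the honest and the rewritten transcript.
    messages = b"ClientHello" + alpn_extension([alpn]) + b"ServerHello..."
    return hashlib.sha256(messages).digest()


def finished_verify_data(master_secret: bytes, alpn: bytes,
                         label: bytes = b"client finished") -> bytes:
    """verify_data = PRF(master_secret, label, Hash(handshake_messages))[:12]."""
    return tls12_prf(master_secret, label, transcript_hash(alpn), 12)


def transcript_bound_master_secret(pre_master: bytes, alpn: bytes) -> bytes:
    """Transcript hash fed into key derivation (RFC 7627 extended master secret)."""
    return tls12_prf(pre_master, b"extended master secret", transcript_hash(alpn), 48)


def alpn_rewrite_detected(pre_master: bytes, randoms: bytes,
                          sent: bytes = b"h2", rewritten: bytes = b"http/1.1") -> dict:
    """Client sent `sent`; the server saw `rewritten` on the wire.
    Reports whether each mechanism exposes the mismatch."""
    # Classic TLS 1.2 master secret depends only on the randoms, not the transcript,
    # so tampering surfaces only when Finished is checked.
    ms = tls12_prf(pre_master, b"master secret", randoms, 48)
    finished_mismatch = finished_verify_data(ms, sent) != finished_verify_data(ms, rewritten)
    # With the transcript inside the PRF, the two sides simply derive different keys.
    key_mismatch = (transcript_bound_master_secret(pre_master, sent)
                    != transcript_bound_master_secret(pre_master, rewritten))
    return {"finished": finished_mismatch, "transcript_in_prf": key_mismatch}
```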