Re: [TLS] Issue 49: Finished.verify length

Eric Rescorla <ekr@networkresonance.com> Fri, 14 September 2007 14:21 UTC

Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IWC3H-0006lt-Qs; Fri, 14 Sep 2007 10:21:47 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IWC3G-0006lk-MD for tls@ietf.org; Fri, 14 Sep 2007 10:21:46 -0400
Received: from [74.95.2.169] (helo=delta.rtfm.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IWC3E-0007Y2-Du for tls@ietf.org; Fri, 14 Sep 2007 10:21:46 -0400
Received: from delta.rtfm.com (localhost.rtfm.com [127.0.0.1]) by delta.rtfm.com (Postfix) with ESMTP id 2439533C21; Fri, 14 Sep 2007 07:18:09 -0700 (PDT)
Date: Fri, 14 Sep 2007 07:18:09 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: Pasi.Eronen@nokia.com
Subject: Re: [TLS] Issue 49: Finished.verify length
In-Reply-To: <B356D8F434D20B40A8CEDAEC305A1F2404937802@esebe105.NOE.Nokia.com>
References: <20070914090853.GA20702@tau.invalid> <B356D8F434D20B40A8CEDAEC305A1F2404937712@esebe105.NOE.Nokia.com> <20070914120310.GA29073@tau.invalid> <B356D8F434D20B40A8CEDAEC305A1F2404937802@esebe105.NOE.Nokia.com>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20070914141809.2439533C21@delta.rtfm.com>
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

At Fri, 14 Sep 2007 15:56:43 +0300,
<Pasi.Eronen@nokia.com> wrote:
> 
> Bodo Moeller wrote:
> 
> > > My suggestion was *not* to increase the current length, but rather 
> > > to add "agility" for this parameter as well (so that we don't
> > > need to revisit the TLS base spec if, e.g., some future cipher 
> > > suite wants to have all the pieces at 256-bit level).
> > 
> > OK, this makes perfect sense!  The question as cited here was,
> > should the verify_data length depend *on the PRF*.  It shouldn't;
> > but that doesn't mean we can't allow individual ciphersuites to
> > specify their preferred verify_data lengths.
> 
> The PRF depends on the ciphersuite, so having the verify_data length
> depend on the PRF (or in other words: specifying the verify_data
> length at the same place as the PRF) would be one relative simple
> approach. 
> 
> (But we could allow different ciphersuites using the same PRF
> to use different verify_data lengths as well)

I'm still trying to understand the rationale for why it makes sense
to have a verify_data != 12 bytes. Pasi, could you elaborate?

Thanks,

-Ekr

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls