Re: [TLS] PRF in TLS 1.2
Eric Rescorla <ekr@networkresonance.com> Mon, 18 September 2006 22:57 UTC
To: Wan-Teh Chang <wtchang@redhat.com>
In-Reply-To: <450F222D.2020706@redhat.com> (Wan-Teh Chang's message of "Mon, 18 Sep 2006 15:48:13 -0700")
Cc: tls@ietf.org

Wan-Teh Chang <wtchang@redhat.com> writes:
> Hi,
>
> Could someone please post a description of what was decided
> about the PRF in TLS 1.2 in the Montreal WG meeting?
>
> The only documents I can find on this topic are:
>
> - Slide 7 of Eric's presentation
>   (http://www3.ietf.org/proceedings/06jul/slides/tls-1.pdf)
>
> - Eric's TLS WG Summary
>   http://www1.ietf.org/mail-archive/web/tls/current/msg00698.html
>
> But I can't tell from the WG summary what was decided and whether
> the proposal in Slide 7 was accepted.

Here's a summary of what was decided.

1. The default PRF is the TLS 1.1 PRF with a single hash algorithm
   and the entire key used as input to P_hash.
2. All current cipher suites will use SHA-1 in TLS 1.2.
3. New cipher suites will by default use the TLS 1.1 PRF with
   whatever hash they're using for HMAC.
4. New cipher suites can define a new PRF but it must use the
   same "API" as the TLS 1.1 PRF.

This is roughly what's in the current I-D, except that I deleted
a crucial paragraph through sloppy editing. It should read
approximately:

    The PRF is derived from P_hash as:

        PRF(secret, label, seed) = P_<hash>(secret, label + seed)

    Where <hash> is dependent on the cipher suite. For the cipher
    suites defined in this document it SHALL be SHA-1. For future
    cipher suites it SHALL be the hash used in the record HMAC unless
    otherwise specified in the cipher suite description.

> I'd also like to know what new PRFs have been proposed, and who
> the proponents are.

The new PRFs that people seem interested in are:

1. The GOST PRF (draft-chudov-cryptopro-cptls-03.txt)
2. The FIPS 800-56A KDF.

-Ekr
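
Added example (not part of the original message and not code from the TLS drafts): the single-hash construction PRF(secret, label, seed) = P_<hash>(secret, label + seed) described above, next to the TLS 1.0/1.1 PRF from RFC 4346 that splits the secret between MD5 and SHA-1. Function names and the sample inputs are assumptions constructed for illustration.

```python
import hashlib
import hmac


def p_hash(hash_name, secret, seed, length):
    """P_hash data expansion: A(0) = seed, A(i) = HMAC(secret, A(i-1));
    output is HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ..."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def prf_single_hash(hash_name, secret, label, seed, length):
    """PRF as worded in the message: P_<hash>(secret, label + seed),
    with the entire secret keying a single hash."""
    return p_hash(hash_name, secret, label + seed, length)


def prf_tls11(secret, label, seed, length):
    """TLS 1.0/1.1 PRF (RFC 4346): the secret is split into halves S1 and S2
    (sharing the middle byte when its length is odd), then
    P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed)."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


def demo():
    # Constructed sample values, not real handshake data.
    pre_master = bytes(range(48))
    seed = b"\x01" * 32 + b"\x02" * 32  # stand-in for client_random + server_random
    label = b"master secret"
    return {
        "sha1": prf_single_hash("sha1", pre_master, label, seed, 48),
        "sha256": prf_single_hash("sha256", pre_master, label, seed, 48),
        "tls11": prf_tls11(pre_master, label, seed, 48),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex())
```

Because the three constructions derive different master secrets from the same inputs, both peers must agree on which PRF a cipher suite implies, which is why the paragraph binding <hash> to the cipher suite matters.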