RE: [TLS] Issue 49: Finished.verify length
<Pasi.Eronen@nokia.com> Mon, 17 September 2007 07:03 UTC
Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IXAdy-00081a-5r; Mon, 17 Sep 2007 03:03:42 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IXAdx-00080x-AF for tls@ietf.org; Mon, 17 Sep 2007 03:03:41 -0400
Received: from smtp.nokia.com ([131.228.20.171] helo=mgw-ext12.nokia.com) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IXAdw-0003Yi-QH for tls@ietf.org; Mon, 17 Sep 2007 03:03:41 -0400
Received: from esebh108.NOE.Nokia.com (esebh108.ntc.nokia.com [172.21.143.145]) by mgw-ext12.nokia.com (Switch-3.2.5/Switch-3.2.5) with ESMTP id l8H73AaB009963; Mon, 17 Sep 2007 10:03:38 +0300
Received: from esebh104.NOE.Nokia.com ([172.21.143.34]) by esebh108.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 17 Sep 2007 10:03:18 +0300
Received: from esebe105.NOE.Nokia.com ([172.21.143.53]) by esebh104.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 17 Sep 2007 10:03:17 +0300
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [TLS] Issue 49: Finished.verify length
Date: Mon, 17 Sep 2007 10:03:16 +0300
Message-ID: <B356D8F434D20B40A8CEDAEC305A1F2404966FEE@esebe105.NOE.Nokia.com>
In-Reply-To: <20070916171835.57FF033C21@delta.rtfm.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] Issue 49: Finished.verify length
Thread-Index: Acf4hiA+yIOddDjHSsCqSnxIThtzJgAcmIKw
References: <20070914090853.GA20702@tau.invalid><B356D8F434D20B40A8CEDAEC305A1F2404937712@esebe105.NOE.Nokia.com><20070914120310.GA29073@tau.invalid><B356D8F434D20B40A8CEDAEC305A1F2404937802@esebe105.NOE.Nokia.com><20070914141809.2439533C21@delta.rtfm.com><B356D8F434D20B40A8CEDAEC305A1F2404966D3F@esebe105.NOE.Nokia.com><20070914183633.6B09F33C21@delta.rtfm.com><B356D8F434D20B40A8CEDAEC305A1F2404966DF0@esebe105.NOE.Nokia.com> <20070916171835.57FF033C21@delta.rtfm.com>
From: Pasi.Eronen@nokia.com
To: ekr@networkresonance.com
X-OriginalArrivalTime: 17 Sep 2007 07:03:17.0610 (UTC) FILETIME=[D2D4FCA0:01C7F8F8]
X-Nokia-AV: Clean
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 9182cfff02fae4f1b6e9349e01d62f32
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Eric Rescorla wrote:
> Well, I don't think changing the encoding is needed. The
> verify_data is the only thing in the Finished message so it's
> already implicitly encoded. If we want to allow this to change
> length without doing an Update, then why not change it to:
>
> struct {
> opaque verify_data[SecurityParameters.finished_length];
> } Finished;
>
> This leaves a hole but doesn't require changing the wire encoding.
This would work, too.
> That said, I'd sort of like to discourage changing the length without
> good reason, so I'd actually like the first cipher suite to do
> this to have to Update: TLS 1.2. However, using the technique above,
> we could make this cahnge later without having to impact
> implemenations that didn't support the new cipher suite.
Ciphersuites should be able to do algorithm agility without updating
TLS 1.2, and things like MAC lengths are IMHO part of that agility...
Best regards,
Pasi
_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Issue 49: Finished.verify length Eric Rescorla
- Re: [TLS] Issue 49: Finished.verify length Mike
- Re: [TLS] Issue 49: Finished.verify length Eric Rescorla
- Re: [TLS] Issue 49: Finished.verify length Mike
- Re: [TLS] Issue 49: Finished.verify length Bodo Moeller
- RE: [TLS] Issue 49: Finished.verify length Pasi.Eronen
- Re: [TLS] Issue 49: Finished.verify length Bodo Moeller
- Re: [TLS] Issue 49: Finished.verify length Bodo Moeller
- RE: [TLS] Issue 49: Finished.verify length Pasi.Eronen
- Re: [TLS] Issue 49: Finished.verify length Eric Rescorla
- Re: [TLS] Issue 49: Finished.verify length Eric Rescorla
- RE: [TLS] Issue 49: Finished.verify length Pasi.Eronen
- Re: [TLS] Issue 49: Finished.verify length Eric Rescorla
- RE: [TLS] Issue 49: Finished.verify length Pasi.Eronen
- Re: [TLS] Issue 49: Finished.verify length Eric Rescorla
- RE: [TLS] Issue 49: Finished.verify length Pasi.Eronen
- Re: [TLS] Issue 49: Finished.verify length Russ Housley