Re: [TLS] Premaster/Master convention

Juho Vähä-Herttua <> Wed, 30 July 2014 19:47 UTC


> On 30.7.2014, at 18.02, "Gero, Charlie" <> wrote:
> We have a number of technologies at Akamai that utilize the fact that the PMS is split from the MS and that MS is produced in conjunction with the randoms.  It allows us to do splitting between machines that have keys and those that don't (machines in safe locales and those which are simply terminators).  I don't think we could use the same methods we use today without that sub step.  It would make it very difficult for Akamai to adopt 1.3.

Without going much into details, are you sure that you can still use these methods, or that these methods are still relevant, without the RSA key exchange?

With ephemeral (EC)DH, the only things done with the certificate private key are signing and verifying, and that doesn't involve the randoms. So I can't figure out how PMS->MS separation helps there, although I can see how it helps in the RSA key exchange. But I'll take your word for it if you say so.
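As an added example (not part of this thread, and not code from either poster or from Akamai), the TLS 1.2 PRF and key schedule from RFC 5246 sections 5, 6.3 and 8.1 written out in Python, so the sub-step the two messages are discussing is concrete: the machine that holds the RSA private key obtains the premaster secret, derives the 48-byte master secret from it together with the ClientHello and ServerHello randoms, and hands only the master secret to the terminator, which expands it into the per-connection keys without ever holding the private key or the premaster secret. The role names `key_holder_derive_master` and `terminator_keys`, the cipher-suite key sizes, and all sample randoms and the premaster secret are constructed for illustration.

```python
import hmac

# Constructed sample handshake values (not taken from the thread).
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
# RSA key exchange PMS: 2-byte client version (TLS 1.2 = 0x0303) + 46 random bytes.
PRE_MASTER_SECRET = b"\x03\x03" + bytes(range(100, 146))


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 from RFC 5246 section 5.

    A(0) = seed, A(i) = HMAC(secret, A(i-1));
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ...
    truncated to `length` bytes.
    """
    out = bytearray()
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, "sha256").digest()
        out += hmac.new(secret, a + seed, "sha256").digest()
    return bytes(out[:length])


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def master_secret(pre_master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246 section 8.1: the 48-byte master secret."""
    return prf(pre_master_secret, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, client_random: bytes, server_random: bytes, length: int) -> bytes:
    """RFC 5246 section 6.3; note the randoms are concatenated server-first here."""
    return prf(master, b"key expansion", server_random + client_random, length)


def split_key_block(block: bytes, mac_len: int, key_len: int, iv_len: int) -> dict:
    """Partition the key block in the order RFC 5246 section 6.3 specifies."""
    sizes = [("client_write_MAC_key", mac_len), ("server_write_MAC_key", mac_len),
             ("client_write_key", key_len), ("server_write_key", key_len),
             ("client_write_IV", iv_len), ("server_write_IV", iv_len)]
    keys, pos = {}, 0
    for name, n in sizes:
        keys[name] = block[pos:pos + n]
        pos += n
    return keys


# --- The two roles in the deployment the quoted message describes (hypothetical names). ---

def key_holder_derive_master(pre_master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Runs on the machine that holds the RSA private key.  In a real handshake it
    first RSA-decrypts the ClientKeyExchange to obtain pre_master_secret; here the
    PMS is passed in directly.  Only the master secret leaves this machine."""
    return master_secret(pre_master_secret, client_random, server_random)


def terminator_keys(master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Runs on the terminator, which never sees the private key or the PMS.
    Sizes are for an AES-128-CBC / HMAC-SHA1 suite: 2*20 + 2*16 + 2*16 = 104 bytes."""
    block = key_block(master, client_random, server_random, 104)
    return split_key_block(block, mac_len=20, key_len=16, iv_len=16)


def demo() -> dict:
    """Show that the terminator's keys equal what a party holding the PMS derives."""
    ms = key_holder_derive_master(PRE_MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
    terminator = terminator_keys(ms, CLIENT_RANDOM, SERVER_RANDOM)
    # The client computed the same PMS itself and goes through the full schedule.
    client_side = split_key_block(
        key_block(master_secret(PRE_MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM),
                  CLIENT_RANDOM, SERVER_RANDOM, 104), 20, 16, 16)
    return {"master_secret": ms, "terminator_keys": terminator,
            "terminator_keys_match": terminator == client_side}


if __name__ == "__main__":
    result = demo()
    print("master secret:", result["master_secret"].hex())
    for name, value in result["terminator_keys"].items():
        print(f"{name}: {value.hex()}")
    print("terminator keys match client-side derivation:", result["terminator_keys_match"])
```

The property the split relies on is that the master secret is bound to this handshake's two randoms and is a one-way function of the premaster secret, so a terminator holding only the master secret can finish exactly this connection and nothing else. It also makes Juho's point visible: in the RSA key exchange the private key is what turns the ClientKeyExchange into the PMS, so the PMS-to-MS step is where the key-holding machine can stop; with ephemeral (EC)DH the PMS is the Diffie-Hellman shared secret, which the terminator computes itself, and the private key is only used to sign the ServerKeyExchange, so the randoms never pass through the key-holding machine at all.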