Re: Antwort: [TLS] TLS 1.2 MAC calculation
Bodo Moeller <bmoeller@acm.org> Fri, 03 August 2007 10:47 UTC
Date: Fri, 03 Aug 2007 12:47:02 +0200
From: Bodo Moeller <bmoeller@acm.org>
To: Axel.Heider@gi-de.com
Subject: Re: Antwort: [TLS] TLS 1.2 MAC calculation
Cc: tls@ietf.org

On Fri, Aug 03, 2007 at 12:25:03PM +0200, Axel.Heider@gi-de.com wrote:

>> I just want to make sure I'm reading the spec
>> correctly. Is SHA-256 used only for the PRF
>> calculation and the MAC algorithm is still
>> whatever the cipher suite says? Or is SHA-256
>> also used for MAC calculations? I believe
>> the former, so MD5 could even still be used
>> with RC4 -- is this correct?

> My opinion is that, for compatibility reasons,
> all defined cipher suites should work as before.
> The SHA-256 versions of any cipher suites should
> get a new id. This would also make the
> implementation easier if all SSL/TLS versions
> are supported.

Compatibility isn't really an important issue here (we have explicit
version negotiation). Ease of implementation is.

Luckily, appendices B and C make it quite clear that SHA still means
SHA-1, and that MD5 still means MD5. There's really nothing wrong
with this: This use of HMAC is for ephemeral authentication only, so
there's no reason to force everyone to live with the overhead of
SHA-256 or something.

The situation is quite different for hashes in the PRF. The PRF is
essential for the long-term security of encryption, and the old PRF
is somewhat weird; replacing it makes a lot of sense.

Bodo
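
The split discussed in this message, as an added example that is not part of the original post: key material comes from the SHA-256 PRF whatever the suite, while the record MAC uses the suite's own hash. It assumes the PRF and record MAC constructions as later published in RFC 5246; the function names, the two-suite table and all key and random values are constructed for illustration.

```python
import hashlib
import hmac
import struct

def p_hash(hash_name, secret, seed, length):
    """P_hash expansion: HMAC(secret, A(i) + seed) chained until `length` bytes."""
    out, a = b"", seed                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()      # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]

def tls12_prf(secret, label, seed, length):
    """TLS 1.2 PRF: P_SHA256, independent of the suite's MAC hash."""
    return p_hash("sha256", secret, label + seed, length)

# Constructed subset: suite name -> (MAC hash, MAC key length, cipher key length)
SUITES = {
    "TLS_RSA_WITH_RC4_128_MD5": ("md5", 16, 16),
    "TLS_RSA_WITH_RC4_128_SHA": ("sha1", 20, 16),
}

def client_write_keys(suite, master_secret, client_random, server_random):
    mac_hash, mac_len, key_len = SUITES[suite]
    block = tls12_prf(master_secret, b"key expansion",
                      server_random + client_random, 2 * mac_len + 2 * key_len)
    # key_block layout: client MAC key, server MAC key, client key, server key
    return mac_hash, block[:mac_len], block[2 * mac_len:2 * mac_len + key_len]

def record_mac(mac_hash, mac_key, seq_num, content_type, fragment):
    # MAC input: seq_num + type + version (3,3 = TLS 1.2) + length + fragment
    header = struct.pack("!QBBBH", seq_num, content_type, 3, 3, len(fragment))
    return hmac.new(mac_key, header + fragment, mac_hash).digest()

def demo():
    ms, cr, sr = bytes(range(48)), b"\x01" * 32, b"\x02" * 32   # constructed values
    result = {}
    for suite in SUITES:
        mac_hash, mac_key, _ = client_write_keys(suite, ms, cr, sr)
        result[suite] = record_mac(mac_hash, mac_key, 0, 23, b"hello")
    return result

if __name__ == "__main__":
    for suite, tag in demo().items():
        print(suite, len(tag), tag.hex())
```

The MD5 suite yields a 16-byte record MAC and the SHA suite a 20-byte one, yet both MAC keys are cut from the same SHA-256 PRF output stream.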