Antwort: [TLS] TLS 1.2 MAC calculation

Axel.Heider@gi-de.com Fri, 03 August 2007 10:25 UTC

In-Reply-To: <46B20CE1.7020308@pobox.com>
To: Mike <mike-list@pobox.com>
Subject: Antwort: [TLS] TLS 1.2 MAC calculation
Message-ID: <OFA18C53A1.6DA21B69-ONC125732C.0038BDDE-C125732C.00393A5D@gi-de.com>
From: Axel.Heider@gi-de.com
Date: Fri, 03 Aug 2007 12:25:03 +0200
Cc: tls@ietf.org

Mike, 

> I just want to make sure I'm reading the spec
> correctly.  Is SHA-256 used only for the PRF
> calculation and the MAC algorithm is still
> whatever the cipher suite says?  Or is SHA-
> 256 also used for MAC calculations?  I believe
> the former, so MD5 could even still be used
> with RC4 -- is this correct?

My opinion is that, for compatibility reasons,
all defined cipher suites should work as before.
The SHA-256 versions of any cipher suites should
get a new id. This would also make the
implementation easier if all SSL/TLS versions
are supported.

Axel
