IETF Logo Mail Archive

Re: [TLS] Version in record MAC

Martin Thomson <martin.thomson@gmail.com> Mon, 19 October 2015 18:06 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8ED81B2AA5 for <tls@ietfa.amsl.com>; Mon, 19 Oct 2015 11:06:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2UmEX8mROcUx for <tls@ietfa.amsl.com>; Mon, 19 Oct 2015 11:06:35 -0700 (PDT)
Received: from mail-yk0-x231.google.com (mail-yk0-x231.google.com [IPv6:2607:f8b0:4002:c07::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5DF5A1B2A96 for <tls@ietf.org>; Mon, 19 Oct 2015 11:06:35 -0700 (PDT)
Received: by ykaz22 with SMTP id z22so148292517yka.2 for <tls@ietf.org>; Mon, 19 Oct 2015 11:06:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=UF03n5MNzfT3W+Ob1QNeE69jwX8ZaGMGscaZzdW/h4c=; b=jEEPGctxS3RIVRNw3tSFlbdSeVflVDWNdCwqKGSzFPJeAif3vqxG7upN5vz+pG+jld zL8YKCgXI+1q5vmWdjV/U71ud1Pn+q53UkmdmPmPKu+Ny6HAhBnRiC/KCZH7clSFypt9 9SUhKByQUQZrfxJ0/oqxLc7J/dAr3CiEMCvH2Wfiaqd1fT8QTWar9T7pDJ8yT+A3UkrY v0LQ0UgIaXQ8cdZni35pfv20hXYfieXaZxpmgrOMeAjU/eJyhWCINGoat3odARjgha7N /ZBa2aaY7yqT+ALlXYrbUNFb4thyW0Vhk5A+1YJIeTfl27kgvb744EdOClYcebz1oVmT yBCA==
MIME-Version: 1.0
X-Received: by 10.13.196.196 with SMTP id g187mr23274458ywd.98.1445277994709; Mon, 19 Oct 2015 11:06:34 -0700 (PDT)
Received: by 10.129.132.145 with HTTP; Mon, 19 Oct 2015 11:06:34 -0700 (PDT)
In-Reply-To: <CABcZeBODjk8rapgbNTST8bmFFVzKqB4tJyrvje-CTgk1=gfqFw@mail.gmail.com>
References: <CABcZeBODjk8rapgbNTST8bmFFVzKqB4tJyrvje-CTgk1=gfqFw@mail.gmail.com>
Date: Mon, 19 Oct 2015 11:06:34 -0700
Message-ID: <CABkgnnV+QrjcXJdZwwAGW-SpX0Z0_JroEVT-kMJgUAVe7DDQUw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/G_74Nbr9oL5bvzQ7U_iEF8Q5jS0>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Version in record MAC
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Oct 2015 18:06:36 -0000

On 19 October 2015 at 09:28, Eric Rescorla <ekr@rtfm.com> wrote:
>      1. Don't MAC the version at all.
>      2. MAC the negotiated version (which should be clear at
>         this point).


3. Nothing

The version is implicit in the key derivation (yeah, there are lots of
rounds of HMAC between, but it's there.

The sequence number is fed into the nonce.

v2.23.0 | Report a Bug | By Email