MIME-Version: 1.0
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 20 Sep 2015 16:58:12 -0700
Message-ID: <CABcZeBPQ6VhFPzXLKcoSYHCE9E6j19W3yR0B5MjzS4bV99wATA@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary=001a11c384c4f084670520368b7d
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/IWoaklSBqo4wZ-2zDyhNSDHUZbg>
Subject: [TLS] Key Hierarchy
List-Id: "This is the mailing list for the Transport Layer Security working
 group of the IETF." <tls.ietf.org>

--001a11c384c4f084670520368b7d
Content-Type: text/plain; charset=UTF-8

https://github.com/tlswg/tls13-spec/pull/248

Folks,

Hugo Krawczyk, Hoeteck Wee, and Bjorn Tackmann suggested a revision
to the key hierarchy that separates out the computation of the MS from the
computation of the keys that are derived from ES and SS. Specifically,
xES and xES are to be used to derive their respective traffic keys and
intermediate values mES and mES, which are then used with HKDF-Extract
to generate MS.

Aside from some analytic advantages, this also allows us to use
the HKDF-Extract and HKDF-Expand APIs from RFC 5869, which is
convenient (it's also compatible with all-in-one HKDF APIs).

The PR is at:
https://github.com/tlswg/tls13-spec/pull/248

I think this is a good change, but comments welcome.

-Ekr


--001a11c384c4f084670520368b7d--
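
The extract-then-expand structure described in the message above, sketched with the two RFC 5869 functions as an added example (not code from the message, the PR, or the TLS specification). The info labels, output lengths, the names x_ss and m_ss for the SS-side values, and the use of m_ss as salt in the final extract are assumptions of this example.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 section 2.2: PRK = HMAC-Hash(salt, IKM)."""
    # An absent salt is defined as HashLen zero bytes.
    return hmac.new(salt or bytes(HASH_LEN), ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 section 2.3: T(i) = HMAC-Hash(PRK, T(i-1) | info | i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF-Expand output is limited to 255 * HashLen")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def key_hierarchy(ss: bytes, es: bytes, context: bytes) -> dict:
    """Derive per-secret traffic keys and MS (labels are placeholders)."""
    # Step 1: extract each input secret on its own.
    x_ss = hkdf_extract(b"", ss)
    x_es = hkdf_extract(b"", es)
    # Step 2: expand each extracted secret into its own traffic key and
    # an intermediate value; distinct info strings keep outputs independent.
    keys = {
        "ss_traffic": hkdf_expand(x_ss, b"example ss traffic" + context, 16),
        "es_traffic": hkdf_expand(x_es, b"example es traffic" + context, 16),
    }
    m_ss = hkdf_expand(x_ss, b"example m_ss" + context, HASH_LEN)
    m_es = hkdf_expand(x_es, b"example m_es" + context, HASH_LEN)
    # Step 3: MS comes from HKDF-Extract over the intermediate values only.
    # Using m_ss as salt and m_es as IKM is an assumption of this example.
    keys["ms"] = hkdf_extract(m_ss, m_es)
    return keys


if __name__ == "__main__":
    # Constructed sample inputs, not real key material.
    out = key_hierarchy(b"\x01" * 32, b"\x02" * 32, b"constructed-transcript")
    for name, value in out.items():
        print(name, value.hex())
```

Because the traffic keys and the intermediate values are separate Expand outputs, changing ES changes the ES traffic key and MS while the SS traffic key stays the same.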

