Re: [TLS] Key Hierarchy TLS 1.3 RFC8446(bis)
Hugo Krawczyk <hugo@ee.technion.ac.il> Sun, 17 December 2023 20:05 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/KSUJywY6WZpnVnLNRf0tpIBXGjk>
See full thread here
https://mailarchive.ietf.org/arch/msg/tls/cS4vdMvENOGdpall7uos9iwZ5OA/

See also how this helped analysis here (search for reference [73])
https://inria.hal.science/hal-01528752v3/file/RR-9040.pdf

On Sat, Dec 16, 2023 at 1:16 PM Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> wrote:

> Hi all,
>
> In the key schedule (section 7.1) of RFC8446(bis), what is the rationale
> for using *Derive-Secret(., "derived", "")* in the derivations of
> Handshake and Master Secrets? Since this change was made in draft 19, I
> expect there should be some reasoning of why this was added. Specifically,
> what are the security implications if this step is missed, i.e.,
>
> - if Early Secret is directly used as the Salt argument for
>   HKDF-Extract of Handshake Secret;
> - and similarly if Handshake Secret is directly used as the Salt
>   argument for HKDF-Extract of Master Secret.
>
> Regards,
>
> Usama
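The two derivations contrasted in the question above, computed side by side as an added example (not code from the thread or from RFC 8446): the section 7.1 schedule with the `Derive-Secret(., "derived", "")` step, and the variant that feeds Early Secret and Handshake Secret directly into HKDF-Extract as the salt. It assumes SHA-256 as the hash and no PSK; the ECDHE input is a constructed value and the function names are this example's own.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size
ZEROS = bytes(HASH_LEN)           # "0" in the RFC: HashLen zero octets
SAMPLE_ECDHE = bytes(range(32))   # constructed stand-in for the (EC)DHE shared secret

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # HKDF-Extract (RFC 5869): HMAC keyed with the salt over the input keying material.
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) | info | i).
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    # HkdfLabel: uint16 length, then length-prefixed "tls13 " + label, then length-prefixed context.
    full = b"tls13 " + label
    info = length.to_bytes(2, "big") + bytes([len(full)]) + full + bytes([len(context)]) + context
    return hkdf_expand(secret, info, length)

def derive_secret(secret: bytes, label: bytes, messages: bytes) -> bytes:
    # Derive-Secret(Secret, Label, Messages) with Transcript-Hash(Messages) as context.
    return hkdf_expand_label(secret, label, HASH(messages).digest(), HASH_LEN)

def key_schedule(psk: bytes, ecdhe: bytes, with_derived: bool = True) -> dict:
    # with_derived=False is the hypothetical variant from the question, not the RFC schedule.
    early = hkdf_extract(ZEROS, psk)
    hs_salt = derive_secret(early, b"derived", b"") if with_derived else early
    handshake = hkdf_extract(hs_salt, ecdhe)
    ms_salt = derive_secret(handshake, b"derived", b"") if with_derived else handshake
    master = hkdf_extract(ms_salt, ZEROS)
    return {"early": early, "hs_salt": hs_salt, "handshake": handshake,
            "ms_salt": ms_salt, "master": master}

if __name__ == "__main__":
    for flag in (True, False):
        ks = key_schedule(ZEROS, SAMPLE_ECDHE, with_derived=flag)
        print("with derived step" if flag else "direct salt variant")
        for name, value in ks.items():
            print(f"  {name:10s} {value.hex()}")
```

Both variants share the same Early Secret; every value from the Handshake Secret salt onward differs between them.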