[TLS] Constant Finished (was Re: Kill Finished)
Michael D'Errico <mike-list@pobox.com> Fri, 18 April 2014 19:10 UTC
Return-Path: <mike-list@pobox.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59DB91A0468 for <tls@ietfa.amsl.com>; Fri, 18 Apr 2014 12:10:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.273
X-Spam-Level:
X-Spam-Status: No, score=-2.273 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EyHKCSrx3mPo for <tls@ietfa.amsl.com>; Fri, 18 Apr 2014 12:10:00 -0700 (PDT)
Received: from sasl.smtp.pobox.com (a-pb-sasl-quonix.pobox.com [208.72.237.25]) by ietfa.amsl.com (Postfix) with ESMTP id 0676F1A043F for <tls@ietf.org>; Fri, 18 Apr 2014 12:09:59 -0700 (PDT)
Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id 57AF3110E2; Fri, 18 Apr 2014 15:09:55 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=message-id :date:from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=VaW70uom/Rlo CADqVlDtics+q/g=; b=tKo7b3ozsJMuaoVtdtoG1aAvymopTHpLAfqoW2rOCRrc +de1EfNoXMzEDLycA0tc2bd1tClKXqOJUb2Q0J2XlFxwJ1JFfsykovE3g7wmD/+0 eYxtJgPPr0xNcAtxYmRXndkbWZRT4tDiM0i4eInne5+1izvuKQWbJVX2bY9LQzY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=message-id:date :from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=LWZSnT v0sZQAVpmNbvCe8TyHlEwi3XM5/n0U60hoEJzivFpEMpMZ9r9Ar6oFHeATAmWBJ4 ffc/gMml6QP1CAq8cyzXsmWqsg2HdV+ls3nNsl4LHhFeZ/HcnsMS8sZMqt9ydYR9 NqPgnBZ3wgM9bcJtz1/tpPKpjZMP74DB7phu8=
Received: from a-pb-sasl-quonix.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id 4CBEE110E1; Fri, 18 Apr 2014 15:09:55 -0400 (EDT)
Received: from iMac.local (unknown [24.234.153.62]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTPSA id 94FD9110E0; Fri, 18 Apr 2014 15:09:53 -0400 (EDT)
Message-ID: <53517880.7080801@pobox.com>
Date: Fri, 18 Apr 2014 12:09:52 -0700
From: Michael D'Errico <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228)
MIME-Version: 1.0
To: Watson Ladd <watsonbladd@gmail.com>
References: <CACsn0cm7CU3HBOY-m90+HwGBuw+nZ7vyqRdHZcfDjw7wiTmDMw@mail.gmail.com> <5350BF46.7000608@pobox.com> <53513A6B.8080606@nthpermutation.com> <CACsn0c=gvQ9BbEifDkiiiNnUN-qdnYNOkVFZe0HX6hWwZNJNGQ@mail.gmail.com>
In-Reply-To: <CACsn0c=gvQ9BbEifDkiiiNnUN-qdnYNOkVFZe0HX6hWwZNJNGQ@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Pobox-Relay-ID: 05E83D28-C72D-11E3-A80B-6F330E5B5709-38729857!a-pb-sasl-quonix.pobox.com
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/P6QMVIQJBXlvcdX0HSt-81ntsRo
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: [TLS] Constant Finished (was Re: Kill Finished)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Apr 2014 19:10:04 -0000
Watson Ladd wrote: > If we fix the key generation, the finished messages can be constants. IANAC but using a long-enough "magic number" for Finished seems fine if the handshake hash is moved to the key generator. But how long should that magic number be? Currently we use 12 bytes, but should it be 16 or maybe even 32 bytes (when negotiating 256-bits of security)? Can it be a simple string of zeros? Mike
- [TLS] Kill Finished (and other tricks for hardwar… Watson Ladd
- Re: [TLS] Kill Finished (and other tricks for har… Nico Williams
- Re: [TLS] Kill Finished (and other tricks for har… Watson Ladd
- Re: [TLS] Kill Finished (and other tricks for har… Eric Rescorla
- Re: [TLS] Kill Finished (and other tricks for har… Nico Williams
- Re: [TLS] Kill Finished (and other tricks for har… Watson Ladd
- Re: [TLS] Kill Finished (and other tricks for har… Michael D'Errico
- Re: [TLS] Kill Finished (and other tricks for har… Michael StJohns
- [TLS] Fwd: Kill Finished (and other tricks for ha… Watson Ladd
- Re: [TLS] Kill Finished (and other tricks for har… Watson Ladd
- Re: [TLS] Kill Finished (and other tricks for har… Henrick Hellström
- Re: [TLS] Fwd: Kill Finished (and other tricks fo… Ilari Liusvaara
- Re: [TLS] Kill Finished (and other tricks for har… Michael StJohns
- Re: [TLS] Kill Finished (and other tricks for har… Andy Lutomirski
- [TLS] Constant Finished (was Re: Kill Finished) Michael D'Errico
- Re: [TLS] Constant Finished (was Re: Kill Finishe… Martin Thomson
- Re: [TLS] Constant Finished (was Re: Kill Finishe… Michael D'Errico
- Re: [TLS] Constant Finished (was Re: Kill Finishe… Martin Thomson
- Re: [TLS] Kill Finished (and other tricks for har… Henrick Hellström
- Re: [TLS] Constant Finished (was Re: Kill Finishe… Michael Procter
- Re: [TLS] Constant Finished (was Re: Kill Finishe… Michael Procter
- Re: [TLS] Constant Finished (was Re: Kill Finishe… Michael StJohns
- Re: [TLS] Constant Finished (was Re: Kill Finishe… Watson Ladd
- Re: [TLS] Constant Finished (was Re: Kill Finishe… Martin Thomson
- Re: [TLS] Constant Finished (was Re: Kill Finishe… Michael StJohns