Re: [TLS] draft-tuexen-dtls-for-sctp-00.txt

Eric Rescorla <ekr@networkresonance.com> Mon, 28 August 2006 22:41 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GHpnW-0003ey-73; Mon, 28 Aug 2006 18:41:38 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GHpnU-0003em-KZ for tls@ietf.org; Mon, 28 Aug 2006 18:41:36 -0400
Received: from raman.networkresonance.com ([198.144.196.3]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GHpnT-0008S8-Ap for tls@ietf.org; Mon, 28 Aug 2006 18:41:36 -0400
Received: by raman.networkresonance.com (Postfix, from userid 1001) id 6F12A1E8C1C; Mon, 28 Aug 2006 15:41:34 -0700 (PDT)
To: Lakshminath Dondeti <ldondeti@qualcomm.com>
Subject: Re: [TLS] draft-tuexen-dtls-for-sctp-00.txt
References: <AC1CFD94F59A264488DC2BEC3E890DE502580384@xmb-sjc-225.amer.cisco.com> <7.0.1.0.2.20060828153142.06aa3fd0@qualcomm.com>
From: Eric Rescorla <ekr@networkresonance.com>
Date: Mon, 28 Aug 2006 15:41:34 -0700
In-Reply-To: <7.0.1.0.2.20060828153142.06aa3fd0@qualcomm.com> (Lakshminath Dondeti's message of "Mon, 28 Aug 2006 15:36:35 -0700")
Message-ID: <86psekcwkh.fsf@raman.networkresonance.com>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.19 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Score: 0.0 (/)
X-Scan-Signature: d6b246023072368de71562c0ab503126
Cc: lars.eggert@netlab.nec.de, tls@ietf.org, hartmans-ietf@mit.edu
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: EKR <ekr@networkresonance.com>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

Lakshminath Dondeti <ldondeti@qualcomm.com>; writes:
> After a quick look at the documents in consideration, I am thinking
> something like an IKEv2 PRF+ might also work.
>
> Each time an instance draws on the key material there would be a new
> key.  Would that work?

Well, the issue isn't really which PRF to use.

Given that TLS has one and that it's got the ability generate disjoint
keys from the same underlying entropy, that's kind of the obvious one
to use.

that's kind of a no-brainer. The issue is the layer violation
and making sure that each side gets the same (unique) key
even if multiple other protocols are trying to get keys out
of TLS this way...

-Ekr

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls