Re: [TLS] Transcript-Hash during Handshake

"Le Van Gong, Hubert" <hubert@levangong.org> Wed, 22 November 2017 04:36 UTC

To: Peter Wu <peter@lekensteyn.nl>
Cc: tls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Tf1kfl504csLDYPrVNm8ToTLDXI>

Hi Peter,

Yes, that sentence is what made me think it must be over decrypted messages but I wanted to double check as it's not clearly stated.
Thanks for confirming!

Hubert

On 11/21/17 19:59, Peter Wu wrote:

> Hi Hubert,
>
> On Tue, Nov 21, 2017 at 07:38:16PM -0800, Le Van Gong, Hubert wrote:
>> Greetings,
>>
>> Probably a trivial question but is the transcript hash (during handshake)
>> calculated over decrypted versions of messages like EncryptedExtensions or
>> certificate or is it done over the raw/encrypted messages?
>> I could not find an exact confirmation in the spec.
> It covers the decrypted handshake messages, see
> https://tools.ietf.org/html/draft-ietf-tls-tls13-21#section-4.4.1
>
>      This value is computed by hashing the concatenation
>      of each included handshake message, including the handshake message
>      header carrying the handshake message type and length fields, but not
>      including record layer headers
>
> (The only way to know the message type is to have it in cleartext.)
>
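
The rule quoted from section 4.4.1, as an added example that is not part of the original thread or of any TLS library: the hash input is the reassembled handshake messages with their 4-byte type/length header, and the 5-byte record headers are dropped, so record fragmentation does not change the result. It assumes the records have already been decrypted to plaintext handshake records; all function names and the sample messages are constructed for illustration, and the HelloRetryRequest special case is not handled.

```python
import hashlib
import struct

HANDSHAKE = 22  # ContentType.handshake

def record_fragments(stream: bytes):
    """Yield (content_type, fragment) per record, dropping the 5-byte record header."""
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        frag = stream[pos + 5 : pos + 5 + length]
        if len(frag) != length:
            raise ValueError("truncated record body")
        yield ctype, frag
        pos += 5 + length

def handshake_messages(stream: bytes):
    """Reassemble handshake messages that may be split across records or
    packed several to a record. Each keeps its type(1) + length(3) header."""
    buf = b"".join(f for t, f in record_fragments(stream) if t == HANDSHAKE)
    msgs, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 4:
            raise ValueError("truncated handshake header")
        end = pos + 4 + int.from_bytes(buf[pos + 1 : pos + 4], "big")
        if end > len(buf):
            raise ValueError("truncated handshake message")
        msgs.append(buf[pos:end])
        pos = end
    return msgs

def transcript_hash(stream: bytes, hash_name: str = "sha256") -> bytes:
    # Hash of the concatenated handshake messages, record headers excluded.
    return hashlib.new(hash_name, b"".join(handshake_messages(stream))).digest()

def make_record(fragment: bytes, ctype: int = HANDSHAKE) -> bytes:
    return struct.pack("!BHH", ctype, 0x0301, len(fragment)) + fragment

def make_handshake(msg_type: int, body: bytes) -> bytes:
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

# Constructed sample: EncryptedExtensions (8) and Certificate (11), dummy bodies.
EE = make_handshake(8, b"\x00\x00")
CERT = make_handshake(11, b"constructed-certificate-body")
ONE_PER_RECORD = make_record(EE) + make_record(CERT)
REFRAGMENTED = make_record(EE + CERT[:7]) + make_record(CERT[7:])
```

Hashing the raw record stream instead of the reassembled messages gives a different digest, which is the mismatch an implementation sees if it feeds record-layer bytes into the transcript.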