[TLS] Exporter output size

Martin Thomson <martin.thomson@gmail.com> Wed, 05 October 2016 01:32 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14C75129421 for <tls@ietfa.amsl.com>; Tue, 4 Oct 2016 18:32:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 95cuvnXKRHhR for <tls@ietfa.amsl.com>; Tue, 4 Oct 2016 18:32:21 -0700 (PDT)
Received: from mail-qk0-x22d.google.com (mail-qk0-x22d.google.com [IPv6:2607:f8b0:400d:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DEF6D129415 for <tls@ietf.org>; Tue, 4 Oct 2016 18:32:20 -0700 (PDT)
Received: by mail-qk0-x22d.google.com with SMTP id o68so66391163qkf.3 for <tls@ietf.org>; Tue, 04 Oct 2016 18:32:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=DEdFp/JIj3FUGBIwlp0eXn2Cl5JHQEEPtTjoMtOIkro=; b=hjIJXNsaO8nTPU2T+JOedfwu1EagfyMQX3PksCUOFhM/t0xD/ioMqlanjm4cl0VVp+ yroStKxa5fv7fQkfW5fq9D34FK/f84fmdqxxgBf2wqG7LqBFwprCRb3Jiin0i/FVpRTm AFL3dJVikdcu/1prAfiby9+TFvv0LK0IOSlEYFrle7QqwXJYSqk40qyReSIWyV6d3LS7 SLxtoaHa2S7wjzVwNA7zZjJtEV9lWOfX2OBj+DsNdpfxIWIm6WSBt/BEg/mhZJ375wR4 nyHGmS7Cdt4y18eTPXL/3go1Qwly6Xzokh1N+jQaKOn4oy1xhME5IiH+XED5Tk0dte+7 sTqQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=DEdFp/JIj3FUGBIwlp0eXn2Cl5JHQEEPtTjoMtOIkro=; b=gfy4zjc9zmDpAdmTRigns4HP1nCATlQR3/5t7AT0rBPYPo/FaBwt5QwgTB+pv9JH7o e4VO4XU4Cjw30Gki0vMoS/Zj8GGLPEI5lVa+f7upwe6w9t3T7lPr0ul/LEAKzXzApfJP OA+ESJqq8gPxgNC8bxS+P5fLXeeXidtiXxkwNQ9KBmwhEFA1iXtmu938Isd0vqaiXtfi aMqZrmMwgr6JcwNelIk/Oj4Ujc41q8OXqta2HJ/TngS1y1c8wxXtYNR60lVsBMxjeXDP XjyavR+CqH8iP4akoALRaUCPR1AOnJk9HQwMzAFFNj2fDk8nqNSULFXCgbznzOpCIx8E B96w==
X-Gm-Message-State: AA6/9RnlWKgmZtgfI6xRmuG75SCHYHxFslXNUmyPYRfWhzEj4nkP2ZvQwgF4kdU+wyVkVNOh62keoebpgu21kg==
X-Received: by 10.55.167.149 with SMTP id q143mr6360071qke.97.1475631140013; Tue, 04 Oct 2016 18:32:20 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.22.146 with HTTP; Tue, 4 Oct 2016 18:32:19 -0700 (PDT)
From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 05 Oct 2016 12:32:19 +1100
Message-ID: <CABkgnnVc2uegQX1zdFamBtkDfzw9k3aBx6xFbNH4PpgWScALew@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/UnliVbPpo9C9G3ptA26EWBf-OVg>
Subject: [TLS] Exporter output size
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Oct 2016 01:32:22 -0000

After a bunch of discussion about the consequences of having
insufficient output from various stages of the hash functions... Could
we make an amendment to TLS 1.3 to force the output size of the
exporter to be the size of the underlying hash output?  That is,
remove the length parameter.  Or is a change to the API too
disruptive?