RE: [TLS] Updated TLS 1.2 I-D
<Pasi.Eronen@nokia.com> Mon, 26 June 2006 16:54 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FuuLs-0003ma-SX; Mon, 26 Jun 2006 12:54:20 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FuuLq-0003mT-UO for tls@ietf.org; Mon, 26 Jun 2006 12:54:18 -0400
Received: from stsc1260-eth-s1-s1p1-vip.va.neustar.com ([156.154.16.129] helo=chiedprmail1.ietf.org) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Futbd-00049O-DF for tls@ietf.org; Mon, 26 Jun 2006 12:06:33 -0400
Received: from mgw-ext11.nokia.com ([131.228.20.170]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1FutTj-0000WL-Te for tls@ietf.org; Mon, 26 Jun 2006 11:58:24 -0400
Received: from esebh106.NOE.Nokia.com (esebh106.ntc.nokia.com [172.21.138.213]) by mgw-ext11.nokia.com (Switch-3.1.8/Switch-3.1.7) with ESMTP id k5QFwBqg002245; Mon, 26 Jun 2006 18:58:15 +0300
Received: from esebh101.NOE.Nokia.com ([172.21.138.177]) by esebh106.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 26 Jun 2006 18:58:11 +0300
Received: from esebe105.NOE.Nokia.com ([172.21.143.53]) by esebh101.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 26 Jun 2006 18:58:10 +0300
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [TLS] Updated TLS 1.2 I-D
Date: Mon, 26 Jun 2006 18:58:04 +0300
Message-ID: <B356D8F434D20B40A8CEDAEC305A1F2402D63739@esebe105.NOE.Nokia.com>
In-Reply-To: <20060626153411.GA2821@iota.site>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] Updated TLS 1.2 I-D
Thread-Index: AcaZNvBGH8AVxVsoRTqQxaAS3a+HMQAARkMg
From: Pasi.Eronen@nokia.com
To: bmoeller@acm.org
X-OriginalArrivalTime: 26 Jun 2006 15:58:10.0868 (UTC) FILETIME=[52D78740:01C69939]
X-Spam-Score: -2.6 (--)
X-Scan-Signature: 7655788c23eb79e336f5f8ba8bce7906
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Bodo Moeller wrote: > If you take into account SSL 3.0, then the PRF already *is* a > property of the TLS protocol version, though. And the current TLS > PRF, with its input-splitting dual-hash construction, is somewhat > bizarre, so a reasonable simple new PRF, based on a wider hash, > wouldn't be bad -- providing the advantage that those who want to > avoid the current TLS PRF in their favorite ciphersuites won't have > to define additional ciphersuites just to get another PRF, as long > as they are reasonably happy with the new default if we decide on > one. Hmm... this is true. And we do have a precedent for TLS version dependent properties in ciphersuites: when we added an explicit IV for CBC mode ciphersuites in TLS 1.1, we didn't give new numbers (e.g. "TLS_RSA_WITH_AES_128_CBC_EXPLICITIV_SHA"). So perhaps Eric's proposal (PRF is a property of both the ciphersuite and protocol version, and for version 1.2, it defaults to the new to-be-decided PRF unless a ciphersuite spec explicitly says otherwise) would be simpler after all.. Best regards, Pasi _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Updated TLS 1.2 I-D Eric Rescorla
- Re: [TLS] Updated TLS 1.2 I-D Kyle Hamilton
- Re: [TLS] Updated TLS 1.2 I-D Bodo Moeller
- Re: [TLS] Updated TLS 1.2 I-D Peter Sylvester
- RE: [TLS] Updated TLS 1.2 I-D Pasi.Eronen
- Re: [TLS] Updated TLS 1.2 I-D Eric Rescorla
- Re: [TLS] Updated TLS 1.2 I-D Mohamad Badra
- RE: [TLS] Updated TLS 1.2 I-D Pasi.Eronen
- Re: [TLS] Updated TLS 1.2 I-D Bodo Moeller
- Re: [TLS] Updated TLS 1.2 I-D Peter Sylvester
- RE: [TLS] Updated TLS 1.2 I-D Pasi.Eronen
- Re: [TLS] Updated TLS 1.2 I-D Anyang Ren
- Re: [TLS] Updated TLS 1.2 I-D Eric Rescorla
- Re: [TLS] Updated TLS 1.2 I-D Anyang Ren
- Re: [TLS] Updated TLS 1.2 I-D Eric Rescorla
- RE: [TLS] Updated TLS 1.2 I-D Pasi.Eronen
- Re: [TLS] Updated TLS 1.2 I-D Rob Dugal
- Re: [TLS] Updated TLS 1.2 I-D Gregory Chudov
- Re: [TLS] Updated TLS 1.2 I-D Bodo Moeller