Re: [TLS] [CHANNEL-BINDING] RESOLVED (Re: [sasl] lasgt call comments (st Call:

Nicolas Williams <Nicolas.Williams@sun.com> Tue, 03 November 2009 22:36 UTC

Return-Path: <Nicolas.Williams@sun.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 215FF3A67D6; Tue, 3 Nov 2009 14:36:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.045
X-Spam-Level:
X-Spam-Status: No, score=-6.045 tagged_above=-999 required=5 tests=[AWL=0.001, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xAVHoPWQ4APM; Tue, 3 Nov 2009 14:36:05 -0800 (PST)
Received: from sca-ea-mail-1.sun.com (sca-ea-mail-1.Sun.COM [192.18.43.24]) by core3.amsl.com (Postfix) with ESMTP id 0BD6F3A63EB; Tue, 3 Nov 2009 14:36:05 -0800 (PST)
Received: from dm-central-01.central.sun.com ([129.147.62.4]) by sca-ea-mail-1.sun.com (8.13.7+Sun/8.12.9) with ESMTP id nA3MaL10021489; Tue, 3 Nov 2009 22:36:22 GMT
Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by dm-central-01.central.sun.com (8.13.8+Sun/8.13.8/ENSMAIL,v2.2) with ESMTP id nA3MaLa8030140; Tue, 3 Nov 2009 15:36:21 -0700 (MST)
Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3) with ESMTP id nA3MOpCu007591; Tue, 3 Nov 2009 16:24:51 -0600 (CST)
Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3/Submit) id nA3MOp2A007590; Tue, 3 Nov 2009 16:24:51 -0600 (CST)
X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to Nicolas.Williams@sun.com using -f
Date: Tue, 3 Nov 2009 16:24:51 -0600
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Simon Josefsson <simon@josefsson.org>
Message-ID: <20091103222451.GK1105@Sun.COM>
References: <20091030223647.GO1105@Sun.COM> <200911021459.nA2Exi67028763@fs4113.wdf.sap.corp> <87hbtcc457.fsf@mocca.josefsson.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87hbtcc457.fsf@mocca.josefsson.org>
User-Agent: Mutt/1.5.7i
Cc: mrex@sap.com, channel-binding@ietf.org, tls@ietf.org, sasl@ietf.org
Subject: Re: [TLS] [CHANNEL-BINDING] RESOLVED (Re: [sasl] lasgt call comments (st Call:
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Nov 2009 22:36:06 -0000

On Mon, Nov 02, 2009 at 04:55:48PM +0100, Simon Josefsson wrote:
> Martin Rex <Martin.Rex@sap.com>; writes:
> 
> > It might be easier to _NOT_ key on the finished message, but on the
> > master secret instead.
> 
> That was my conclusion as well, hence
> http://tools.ietf.org/html/draft-josefsson-sasl-tls-cb-00
> which uses the TLS PRF interface.
> 
> For -02 I also added hashing the Finished message, to match the
> semantics for connection/session (regardless of its definition) of
> draft-altman-tls-channel-bindings, but I'd prefer to avoid it
> completely.

I don't agree.  That it's easier to speak of the master secret is not
enough.  The Finished message's construction provides better binding of
the entire negotiation (up to that Finished message), and that's why we
chose it.