[TLS] Buffering handshake messages for verify_data in the TLS 1.2 I-D

Wan-Teh Chang <wtchang@redhat.com> Wed, 27 September 2006 14:02 UTC

Message-ID: <451A8480.7020008@redhat.com>
Date: Wed, 27 Sep 2006 07:02:40 -0700
From: Wan-Teh Chang <wtchang@redhat.com>
To: tls@ietf.org

I have a question about verify_data in the current TLS 1.2 I-D
(draft-ietf-tls-rfc4346-bis-01.txt).

        struct {
            opaque verify_data[12];
        } Finished;

        verify_data
            PRF(master_secret, finished_label, MD5(handshake_messages) +
            SHA-1(handshake_messages)) [0..11];

I understand that verify_data is incorrectly specified -- we're
going to feed in the handshake messages directly.  But this
forces a TLS implementation to save the handshake messages until
the master secret has been computed.  In TLS 1.0/1.1, we can feed
in the handshake messages to MD5 and SHA-1 immediately and only
need to keep the "contexts" for the running MD5 and SHA-1 hash
operations around.  I didn't compare the memory usage of the two
schemes, but it's more programming work to buffer the handshake
messages until the master secret is available.

(In the NSS crypto library, the MD5 operation context is 88 bytes
and SHA-1 operation context is 160 or 248 bytes.)

Wan-Teh
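
Added example (not part of the original message, and not NSS code): the two bookkeeping schemes the message contrasts, running MD5/SHA-1 contexts versus buffering the raw handshake messages until the master secret exists. The class names, the sample messages and the master secret are constructed, and both variants use the TLS 1.0/1.1 PRF from RFC 2246 as an assumption; the draft's PRF may differ.

```python
import hashlib
import hmac

def p_hash(name, secret, seed, n):
    """P_hash (RFC 2246, section 5): HMAC-based expansion to n bytes."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, name).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, name).digest()
    return out[:n]

def prf(secret, label, seed, n):
    """TLS 1.0/1.1 PRF: P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed)."""
    half = (len(secret) + 1) // 2  # S1 = first half, S2 = last half
    md5_out = p_hash("md5", secret[:half], label + seed, n)
    sha_out = p_hash("sha1", secret[-half:], label + seed, n)
    return bytes(x ^ y for x, y in zip(md5_out, sha_out))

class RunningTranscript:
    """TLS 1.0/1.1 style: hash each message on arrival, keep two contexts only."""
    def __init__(self):
        self.md5, self.sha1 = hashlib.md5(), hashlib.sha1()
    def add(self, msg):
        self.md5.update(msg)
        self.sha1.update(msg)
    def verify_data(self, master_secret, label):
        # digest() does not finalize, so later messages can still be added
        seed = self.md5.digest() + self.sha1.digest()
        return prf(master_secret, label, seed, 12)

class BufferedTranscript:
    """Raw messages as PRF input: all bytes are held until the secret exists."""
    def __init__(self):
        self.buf = bytearray()
    def add(self, msg):
        self.buf += msg
    def verify_data(self, master_secret, label):
        return prf(master_secret, label, bytes(self.buf), 12)

# Constructed messages, not a capture; the 3001-byte one stands in for a certificate.
MESSAGES = [b"\x01" + bytes(40), b"\x02" + bytes(70), b"\x0b" + bytes(3000), b"\x10" + bytes(130)]
MASTER_SECRET = bytes(range(48))  # constructed 48-byte value

def demo(label=b"client finished"):
    run, buf = RunningTranscript(), BufferedTranscript()
    for m in MESSAGES:
        run.add(m)
        buf.add(m)
    return run.verify_data(MASTER_SECRET, label), buf.verify_data(MASTER_SECRET, label), len(buf.buf)
```

demo() returns both 12-byte verify_data values and the number of bytes the buffered variant had to hold; the running variant holds only the two fixed-size hash contexts regardless of handshake size.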


