IETF Logo Mail Archive

Re: [TLS] New version of draft-ietf-tls-ecdhe-psk after the WGLC

Mohamad Badra <badra@isima.fr> Wed, 01 October 2008 15:02 UTC

Return-Path: <tls-bounces@ietf.org>
X-Original-To: tls-archive@ietf.org
Delivered-To: ietfarch-tls-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D14EB28C1BF; Wed, 1 Oct 2008 08:02:26 -0700 (PDT)
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1B64E28C0FA for <tls@core3.amsl.com>; Wed, 1 Oct 2008 08:02:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.692
X-Spam-Level:
X-Spam-Status: No, score=-1.692 tagged_above=-999 required=5 tests=[AWL=0.557, BAYES_00=-2.599, HELO_EQ_FR=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6vzT+9-3ICCF for <tls@core3.amsl.com>; Wed, 1 Oct 2008 08:02:25 -0700 (PDT)
Received: from sp.isima.fr (sp.isima.fr [193.55.95.1]) by core3.amsl.com (Postfix) with ESMTP id BC48228C1D0 for <tls@ietf.org>; Wed, 1 Oct 2008 08:02:23 -0700 (PDT)
Received: from [127.0.0.1] (pc158.isima.fr [193.55.95.158]) by sp.isima.fr (8.13.8/8.13.8) with ESMTP id m91G2Ygd745606; Wed, 1 Oct 2008 17:02:34 +0100
Message-ID: <48E390CF.7060003@isima.fr>
Date: Wed, 01 Oct 2008 17:01:35 +0200
From: Mohamad Badra <badra@isima.fr>
User-Agent: Thunderbird 2.0.0.17 (Windows/20080914)
MIME-Version: 1.0
To: Pasi.Eronen@nokia.com
References: <48E0AD6A.3070705@isima.fr> <1696498986EFEC4D9153717DA325CB7201C31635@vaebe104.NOE.Nokia.com>
In-Reply-To: <1696498986EFEC4D9153717DA325CB7201C31635@vaebe104.NOE.Nokia.com>
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (sp.isima.fr [193.55.95.1]); Wed, 01 Oct 2008 17:02:34 +0100 (WEST)
Cc: tls@ietf.org
Subject: Re: [TLS] New version of draft-ietf-tls-ecdhe-psk after the WGLC
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: tls-bounces@ietf.org
Errors-To: tls-bounces@ietf.org

> It's a bit surprising that e.g. TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
> when negotiated in TLS 1.2, would use the TLS PRF with SHA-1 as the 
> hash function. Note that e.g. TLS_DHE_PSK_WITH_AES_128_CBC_SHA (from 
> RFC 4279) would in this situation use the TLS PRF with SHA-256.
> 
> My suggestion would be to say that all these cipher suites can be
> negotiated with any TLS version; when used with TLS <1.2, they use
> the PRF from that version; when used with TLS >=1.2, they use the
> TLS PRF with SHA-256 or SHA-384. (In other words: they'd work the
> same way as the cipher suites in RFC 4492/4279/4785.)

OK, I agree with that.
Best regards

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email