Re: [TLS] Review comments on draft-rescorla-tls-opaque-prf-input-00.txt
<home_pw@msn.com> Thu, 18 January 2007 04:51 UTC
From: home_pw@msn.com
To: Wan-Teh Chang <wtchang@redhat.com>, tls mailing list <tls@ietf.org>
References: <45AEA795.2080308@redhat.com>
Subject: Re: [TLS] Review comments on draft-rescorla-tls-opaque-prf-input-00.txt
Date: Wed, 17 Jan 2007 20:50:54 -0800

Extending the length of the contributed Nonce information in the PRF is nicely disclosed, in section 3.2.

What is interesting now is the session resumption disclosure. This may explain why Eric is so adamant that he can FORCE a new handshake, so he can refresh the extension values for a new TLS Connection? But, as disclosed, it's more confusing than before. Now the opaque PRF can only be used in pre-master-secret to master secret generation. In the other document and earlier in the paper, it seemed opaque PRF was being given a rationale for use in final KDF's generation of keying material.

Between protocol analysis, hacking some extensions to extend the nonce, PRF parameterization, the way it handles session resumption and kind of reverses its rationale... this doesn't look like a polished and finished piece of work. It "feels" like work in progress, attempting to apply external policy to standards making.

Again, I cannot find any reason not to do this, or be open about it!

---------

3.2. PRF Modifications

   When the opaque PRF input feature is in use, the opaque PRF input
   values MUST be mixed into the PRF along with the client and server
   random values during the PMS->MS conversion. Thus, the PRF becomes:

      master_secret = PRF(pre_master_secret, "master secret",
                          ClientHello.random +
                          ClientHello.opaque_prf_input_value +
                          ServerHello.random +
                          ServerHello.opaque_prf_input_value)[0..47];

   Because new extensions may not be introduced in resumed handshakes,
   mixing in the opaque PRF inputs during the MS->keying material
   conversion would simply involve mixing in the same material twice.
   Therefore, the opaque PRF inputs are only used when the PMS is
   converted into the MS.
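
The section 3.2 derivation quoted in the message above, as an added example that is not part of the original message or of the draft: it shows the opaque inputs entering only the PMS->MS seed, while a resumed session derives fresh keying material from the cached MS and new randoms. It assumes the TLS 1.0/1.1 PRF and "key expansion" step from RFC 2246 as the surrounding protocol; the function names and all sample values are constructed for illustration.

```python
import hashlib
import hmac


def p_hash(digest, secret, seed, length):
    """P_hash from RFC 2246 section 5: HMAC-based output expansion."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:length]


def tls10_prf(secret, label, seed, length):
    """TLS 1.0/1.1 PRF: P_MD5(S1, label+seed) XOR P_SHA1(S2, label+seed)."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_out = p_hash(hashlib.md5, s1, label + seed, length)
    sha_out = p_hash(hashlib.sha1, s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_out, sha_out))


def master_secret(pms, c_random, s_random, c_opaque=b"", s_opaque=b""):
    """PMS->MS step using the seed ordering quoted from section 3.2."""
    seed = c_random + c_opaque + s_random + s_opaque
    return tls10_prf(pms, b"master secret", seed, 48)


def key_block(ms, c_random, s_random, length=104):
    """MS->keying material step (RFC 2246 6.3): no opaque inputs in the seed."""
    return tls10_prf(ms, b"key expansion", s_random + c_random, length)


# Constructed sample values, not taken from any real handshake.
PMS = b"\x03\x01" + bytes(46)
CR1, SR1 = bytes([0x11]) * 32, bytes([0x22]) * 32
C_OPAQUE, S_OPAQUE = b"client-opaque-" * 4, b"server-opaque-" * 4

MS_PLAIN = master_secret(PMS, CR1, SR1)                        # feature not in use
MS_OPAQUE = master_secret(PMS, CR1, SR1, C_OPAQUE, S_OPAQUE)   # feature in use

# Resumption: the cached MS is reused; only the randoms are fresh.
CR2, SR2 = bytes([0x33]) * 32, bytes([0x44]) * 32
KB_FULL = key_block(MS_OPAQUE, CR1, SR1)
KB_RESUMED = key_block(MS_OPAQUE, CR2, SR2)
```

The opaque inputs still influence KB_RESUMED, but only through the cached master secret: nothing new can be contributed on resumption without a full handshake.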