[TLS] Premaster/Master convention

Michael StJohns <msj@nthpermutation.com> Wed, 30 July 2014 14:57 UTC

Return-Path: <msj@nthpermutation.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E24551A016B for <tls@ietfa.amsl.com>; Wed, 30 Jul 2014 07:57:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JV1yXIoYfivk for <tls@ietfa.amsl.com>; Wed, 30 Jul 2014 07:57:24 -0700 (PDT)
Received: from mail-qg0-f53.google.com (mail-qg0-f53.google.com [209.85.192.53]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CBDB91A0111 for <tls@ietf.org>; Wed, 30 Jul 2014 07:57:23 -0700 (PDT)
Received: by mail-qg0-f53.google.com with SMTP id q107so1546542qgd.40 for <tls@ietf.org>; Wed, 30 Jul 2014 07:57:23 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:content-type:content-transfer-encoding; bh=Z8MXWdeL+5pEveAd3PSp4Lv98vlyBZp4v/5KsDote7M=; b=fwUA6k0uLWsvB+hKS00k/wWojz63/CO2Ze2cNVRaUCiPB+fc81rKmNcz3HhCUVZEeR opUki59qG4Fv1rOK6cjylXShD1n8qBoKuGiVdw5eIb8ZJIuDGYmER2pxbg4C/CLNwPqy IoFYjtZ9sRb9xFgd9gdhjKvX3z2SXqzquQTmf0C9cP/dQj1iEtcJBGkwjz2Pk33B9WNf 8O2g6RgHe8rF3QwEw3vtX57T7q4+lButfdkT1LamnfGiAWOlF4XyLSCFBXPqHsJhSfat r+zeE/WkUkPD/eKK6HyoqcnFjUO+1M7q5wyQQPEauh0jqk3aDxdBlkB/GzzF4iam6zZK 2XnQ==
X-Gm-Message-State: ALoCoQlJbhnpJ9J5c8REZaMrZUN25fmIKTOWRH7Mi5+mIhgW/BwNgHq0XN2yg6P8cZTsPz2Cwo8Q
X-Received: by 10.140.46.55 with SMTP id j52mr7268794qga.27.1406732242842; Wed, 30 Jul 2014 07:57:22 -0700 (PDT)
Received: from [192.168.1.111] (c-68-34-113-195.hsd1.md.comcast.net. [68.34.113.195]) by mx.google.com with ESMTPSA id y8sm4380174qaf.33.2014.07.30.07.57.22 for <tls@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 30 Jul 2014 07:57:22 -0700 (PDT)
Message-ID: <53D907B0.3000006@nthpermutation.com>
Date: Wed, 30 Jul 2014 10:56:48 -0400
From: Michael StJohns <msj@nthpermutation.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/eMQy40PHVy1UpzPt-mpJuE8i41Q
Subject: [TLS] Premaster/Master convention
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jul 2014 14:57:26 -0000

Given that TLS1.3 only does KeyAgreement, is there still any reason for 
the premaster -> master_secret derivation step?  We do (KA)->premaster 
and then premaster -> master and then master->(session keys).   We could 
probably do (KA)->master->(session keys) where the master secret is now 
the KA shared secret rather than premaster.

1) Is there any security reason for retaining the extra step given there 
is no longer a KeyTransport mechanism in TLS1.3?
2) Are there other *good* - non-security - reasons for retaining the 
extra step?

Mike