[TLS] Channel binding versus keying material exporters

Douglas Stebila <douglas@stebila.ca> Thu, 05 November 2009 16:22 UTC

Return-Path: <dstebila@gmail.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 10FBF3A6823 for <tls@core3.amsl.com>; Thu, 5 Nov 2009 08:22:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id mLvpHw57hvfw for <tls@core3.amsl.com>; Thu, 5 Nov 2009 08:22:53 -0800 (PST)
Received: from mail-bw0-f223.google.com (mail-bw0-f223.google.com []) by core3.amsl.com (Postfix) with ESMTP id 1A0D73A67D4 for <tls@ietf.org>; Thu, 5 Nov 2009 08:22:52 -0800 (PST)
Received: by bwz23 with SMTP id 23so156772bwz.29 for <tls@ietf.org>; Thu, 05 Nov 2009 08:23:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:from:content-type :content-transfer-encoding:subject:date:message-id:to:mime-version :x-mailer; bh=grlkOfF1eBi7rwORjJPS3BpUwUS0iMckOiVcaP/1V0I=; b=Jc05tUCLd9o78LtDbQxtxzu3rtCQJenv5jFqID46kObnPRWuyWgAwJE/zFDlfVTq76 dT/TAu86c3T2sgtGYQZGAT6nbiRj4cOPygJUqGVQzGPVu3PqaIHY4hmScUFOPZZzp669 Atl4eKPho1ffG2iVetTjiY9ZDyHOBTqcemNEM=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:from:content-type:content-transfer-encoding:subject:date :message-id:to:mime-version:x-mailer; b=HPZfDbHwIuROdJk/5Vp0IeOgtuMVyYhYXePfSCNx8z4aqk/jEkhmO/NvuII1lzDtQs CT1vGVPkQ92LVpgfRPO1yGLlPD4L6y0qhRQM4mVNBqx7m/hHHY02PhuVUM/HmZLyEJRa vyULhZWiRbHBkWY3xZDxZLySPDsbckEDGCkU4=
Received: by with SMTP id y18mr3257878bkw.80.1257438192778; Thu, 05 Nov 2009 08:23:12 -0800 (PST)
Received: from ? (cm161.delta30.maxonline.com.sg []) by mx.google.com with ESMTPS id 14sm713779fxm.11.2009. (version=TLSv1/SSLv3 cipher=RC4-MD5); Thu, 05 Nov 2009 08:23:11 -0800 (PST)
Sender: Douglas Stebila <dstebila@gmail.com>
From: Douglas Stebila <douglas@stebila.ca>
Content-Type: text/plain; charset=us-ascii; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Date: Fri, 6 Nov 2009 00:23:05 +0800
Message-Id: <3DE8D6FD-CABD-4851-9ACC-189CB0E1CE61@stebila.ca>
To: tls@ietf.org
Mime-Version: 1.0 (Apple Message framework v1076)
X-Mailer: Apple Mail (2.1076)
Subject: [TLS] Channel binding versus keying material exporters
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Nov 2009 16:26:01 -0000

Can someone comment on the similarities and differences of TLS channel  
binding and TLS keying material exporters?  Is the keying material  
derived from a TLS master key using a keying material exporter  
suitable for channel binding as well, if used for key confirmation?   
If a higher-level application wishes to do additional authentication  
and bind the endpoints of that authentication to the endpoints of the  
TLS connection, should one use key confirmation with keying material  
exporters or something from TLS channel binding?