Re: [TLS] Quest for Unified Solution to TLS Renegotiation

David-Sarah Hopwood <david-sarah@jacaranda.org> Thu, 26 November 2009 17:24 UTC

DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:x-enigmail-version:content-type; b=Dl+boz7kbvYwz7/rTcqNjRPDR1qtLITaIxuxq4uk2204xw5R50D8lX7YnS/zXYXoYE 2Of0IBqggx1ZC3c6IOaI9DjF0jCBK69FISVPB51SAK1jJN/165ZBjCbH8DNf43FCcfr/ WgsAoMh+qT+gfku3bTcoVCcjrFCIY1qzwSgXk=
Sender: David-Sarah Hopwood <djhopwood@googlemail.com>
Message-ID: <4B0EB97A.6010106@jacaranda.org>
Date: Thu, 26 Nov 2009 17:23:06 +0000
From: David-Sarah Hopwood <david-sarah@jacaranda.org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.3) Gecko/20070326 Thunderbird/2.0.0.0 Mnenhy/0.7.5.666
MIME-Version: 1.0
To: tls@ietf.org
References: <C7341143.6C75%uri@ll.mit.edu>
In-Reply-To: <C7341143.6C75%uri@ll.mit.edu>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------enig71C97ED84B9B1EEF608BFF78"
Subject: Re: [TLS] Quest for Unified Solution to TLS Renegotiation
Precedence: list

Blumenthal, Uri - 0662 - MITLL wrote:
> Yes, previous_verify_data MUST be a part of the input to the PRF. What Yoav
> Nir said (XOR-ing it with the master_secret), should work (out of hand -
> anybody sees a problem with it?).

The previous_verify_data is not necessarily secret, so this requires the
PRF to be secure against related-key attack. The particular PRFs used in
SSLv3 and TLS 1.0 to 1.2 should be secure in that sense, but (if we
decide to use this approach) I still prefer what I suggested before:

    verify_data =
      PRF(master_secret, finished_label, Hash(handshake_messages)
                                         + previous_verify_data)
        [0..verify_data_length-1];

which uses the PRF in a more conventional way.

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com

Attachment: signature.asc

[TLS] Quest for Unified Solution to TLS Renegotia… Michael D'Errico
Re: [TLS] Quest for Unified Solution to TLS Reneg… Marsh Ray
Re: [TLS] Quest for Unified Solution to TLS Reneg… Martin Rex
Re: [TLS] Quest for Unified Solution to TLS Reneg… Stefan Santesson
Re: [TLS] Quest for Unified Solution to TLS Reneg… Eric Rescorla
Re: [TLS] Quest for Unified Solution to TLS Reneg… Hovav Shacham
Re: [TLS] Quest for Unified Solution to TLS Reneg… Michael D'Errico
Re: [TLS] Quest for Unified Solution to TLS Reneg… Eric Rescorla
Re: [TLS] Quest for Unified Solution to TLS Reneg… Martin Rex
Re: [TLS] Quest for Unified Solution to TLS Reneg… Michael D'Errico
Re: [TLS] Quest for Unified Solution to TLS Reneg… Martin Rex
Re: [TLS] Quest for Unified Solution to TLS Reneg… Martin Rex
Re: [TLS] Quest for Unified Solution to TLS Reneg… Michael D'Errico
Re: [TLS] Quest for Unified Solution to TLS Reneg… David-Sarah Hopwood
Re: [TLS] Quest for Unified Solution to TLS Reneg… David-Sarah Hopwood
Re: [TLS] Quest for Unified Solution to TLS Reneg… David-Sarah Hopwood
Re: [TLS] Quest for Unified Solution to TLS Reneg… Martin Rex
Re: [TLS] Quest for Unified Solution to TLS Reneg… Martin Rex
Re: [TLS] Quest for Unified Solution to TLS Reneg… Yoav Nir
Re: [TLS] Quest for Unified Solution to TLS Reneg… David-Sarah Hopwood
Re: [TLS] Quest for Unified Solution to TLS Reneg… Martin Rex
Re: [TLS] Quest for Unified Solution to TLS Reneg… Blumenthal, Uri - 0662 - MITLL
Re: [TLS] Quest for Unified Solution to TLS Reneg… Blumenthal, Uri - 0662 - MITLL
Re: [TLS] Quest for Unified Solution to TLS Reneg… Martin Rex
Re: [TLS] Quest for Unified Solution to TLS Reneg… Blumenthal, Uri - 0662 - MITLL
Re: [TLS] Quest for Unified Solution to TLS Reneg… Marsh Ray
Re: [TLS] Quest for Unified Solution to TLS Reneg… David-Sarah Hopwood
Re: [TLS] Quest for Unified Solution to TLS Reneg… David-Sarah Hopwood
Re: [TLS] Quest for Unified Solution to TLS Reneg… Martin Rex
Re: [TLS] Quest for Unified Solution to TLS Reneg… Michael D'Errico
Re: [TLS] Quest for Unified Solution to TLS Reneg… David-Sarah Hopwood
Re: [TLS] Quest for Unified Solution to TLS Reneg… Martin Rex
Re: [TLS] Quest for Unified Solution to TLS Reneg… Michael D'Errico
Re: [TLS] Quest for Unified Solution to TLS Reneg… Martin Rex
Re: [TLS] Quest for Unified Solution to TLS Reneg… David-Sarah Hopwood
Re: [TLS] Quest for Unified Solution to TLS Reneg… Blumenthal, Uri - 0662 - MITLL
Re: [TLS] Quest for Unified Solution to TLS Reneg… David-Sarah Hopwood
Re: [TLS] Quest for Unified Solution to TLS Reneg… Stephen Farrell
Re: [TLS] Quest for Unified Solution to TLS Reneg… Yoav Nir
Re: [TLS] Quest for Unified Solution to TLS Reneg… Nelson B Bolyard
Re: [TLS] Quest for Unified Solution to TLS Reneg… Nelson B Bolyard
Re: [TLS] Quest for Unified Solution to TLS Reneg… Blumenthal, Uri - 0662 - MITLL
Re: [TLS] Quest for Unified Solution to TLS Reneg… Martin Rex
Re: [TLS] Quest for Unified Solution to TLS Reneg… David-Sarah Hopwood
Re: [TLS] Quest for Unified Solution to TLS Reneg… David-Sarah Hopwood
Re: [TLS] Quest for Unified Solution to TLS Reneg… Kyle Hamilton
Re: [TLS] Quest for Unified Solution to TLS Reneg… Eric Rescorla
Re: [TLS] Quest for Unified Solution to TLS Reneg… Blumenthal, Uri - 0662 - MITLL
Re: [TLS] Quest for Unified Solution to TLS Reneg… David-Sarah Hopwood

Re: [TLS] Quest for Unified Solution to TLS Renegotiation

Attachment: signature.asc