Re: [TLS] Entirely omitting context in draft-ietf-tls-extractor
Michael Tüxen <Michael.Tuexen@lurchi.franken.de> Sun, 07 March 2010 10:11 UTC
Return-Path: <Michael.Tuexen@lurchi.franken.de>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C04B228C10A for <tls@core3.amsl.com>; Sun, 7 Mar 2010 02:11:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.338
X-Spam-Level: **
X-Spam-Status: No, score=2.338 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, HOST_EQ_DIP_TDIAL=2.144, HOST_MISMATCH_NET=0.311, J_CHICKENPOX_23=0.6, MIME_8BIT_HEADER=0.3, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hk6ptE1Joguf for <tls@core3.amsl.com>; Sun, 7 Mar 2010 02:11:38 -0800 (PST)
Received: from mail-n.franken.de (drew.ipv6.franken.de [IPv6:2001:638:a02:a001:20e:cff:fe4a:feaa]) by core3.amsl.com (Postfix) with ESMTP id ED35B28C0CE for <tls@ietf.org>; Sun, 7 Mar 2010 02:11:37 -0800 (PST)
Received: from [192.168.1.121] (p508FF198.dip.t-dialin.net [80.143.241.152]) by mail-n.franken.de (Postfix) with ESMTP id 1D98F1C0B4607; Sun, 7 Mar 2010 11:11:37 +0100 (CET)
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: text/plain; charset="us-ascii"
From: Michael Tüxen <Michael.Tuexen@lurchi.franken.de>
In-Reply-To: <808FD6E27AD4884E94820BC333B2DB775847D1E3C4@NOK-EUMSG-01.mgdnok.nokia.com>
Date: Sun, 07 Mar 2010 11:11:36 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <84893D7C-8E7E-4BE3-8041-E4C42DDFD3C0@lurchi.franken.de>
References: <20100221233503.54D806EB9B5@kilo.networkresonance.com> <808FD6E27AD4884E94820BC333B2DB775847D1E3C4@NOK-EUMSG-01.mgdnok.nokia.com>
To: Pasi.Eronen@nokia.com
X-Mailer: Apple Mail (2.1077)
Cc: tls@ietf.org
Subject: Re: [TLS] Entirely omitting context in draft-ietf-tls-extractor
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Mar 2010 10:11:40 -0000
On Feb 22, 2010, at 7:06 PM, <Pasi.Eronen@nokia.com> <Pasi.Eronen@nokia.com> wrote: > Not wearing any hats: This could potentially simplify TLS library > APIs a bit (no need to provide special cases for EAP-TLS/EAP-TTLS). > And since we require that one label can't be a prefix of any other > label, this seems safe, too. So no objections from me as individual. > > Wearing AD hat: I'll wait for a week or so to see if there are > objections before OK'ing this change with the RFC editor. Any decision on this? Best regards Michael > > Best regards, > Pasi > >> -----Original Message----- >> From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of >> ext Eric Rescorla >> Sent: 22 February, 2010 01:35 >> To: tls@ietf.org >> Subject: [TLS] Entirely omitting context in draft-ietf-tls-extractor >> >> During LC, we received a comment from Jouni Malinen that >> unconditionally >> including the context in the PRF created an unnecesssary >> incompatibility >> with exporter-type mechanisms in EAP-TLS and EAP-TTLS which could >> otherwise >> be retconned into being extractor usages. In order to address this, I >> propose changing the text to read: >> >> >> If no context is provided, it then computes: >> >> PRF(SecurityParameters.master_secret, label, >> SecurityParameters.client_random + >> SecurityParameters.server_random >> )[length] >> >> If the context is provided, it computes:: >> >> PRF(SecurityParameters.master_secret, label, >> SecurityParameters.client_random + >> SecurityParameters.server_random + >> context_value_length + context_value >> )[length] >> >> Where PRF is the TLS PRF in use for the session. The output is a >> pseudorandom bit string of length bytes generated from the >> master_secret. (This construction allows for interoperability >> with older exporter-type constructions which do not >> use context values, e.g., [RFC5281]). >> >> Any objections? >> >> -Ekr >> >> >> _______________________________________________ >> TLS mailing list >> TLS@ietf.org >> https://www.ietf.org/mailman/listinfo/tls > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] Entirely omitting context in draft-ietf-tls… Eric Rescorla
- Re: [TLS] Entirely omitting context in draft-ietf… Joseph Salowey (jsalowey)
- Re: [TLS] Entirely omitting context in draft-ietf… Pasi.Eronen
- Re: [TLS] Entirely omitting context in draft-ietf… Michael Tüxen
- Re: [TLS] Entirely omitting context in draft-ietf… Pasi.Eronen