IETF Logo Mail Archive

Re: [TLS] Issue #964: Shortened HKDF labels

Benjamin Kaduk <bkaduk@akamai.com> Mon, 24 April 2017 23:29 UTC

Return-Path: <bkaduk@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84D63131962 for <tls@ietfa.amsl.com>; Mon, 24 Apr 2017 16:29:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xGNcvs-c-GRl for <tls@ietfa.amsl.com>; Mon, 24 Apr 2017 16:29:14 -0700 (PDT)
Received: from prod-mail-xrelay05.akamai.com (prod-mail-xrelay05.akamai.com [23.79.238.179]) by ietfa.amsl.com (Postfix) with ESMTP id 249A1131960 for <tls@ietf.org>; Mon, 24 Apr 2017 16:29:14 -0700 (PDT)
Received: from prod-mail-xrelay05.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id 6628043346C; Mon, 24 Apr 2017 23:29:13 +0000 (GMT)
Received: from prod-mail-relay11.akamai.com (prod-mail-relay11.akamai.com [172.27.118.250]) by prod-mail-xrelay05.akamai.com (Postfix) with ESMTP id 3DB1543342C; Mon, 24 Apr 2017 23:29:13 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; s=a1; t=1493076553; bh=GjUwdxokuKdgCWJab7Jp5Kn/2yiHvb8gJCR3Y7bB9cw=; l=3586; h=To:References:Cc:From:Date:In-Reply-To:From; b=s/H0FRjsJZU3+NYe9A833U4HpnGZxgdb+7I88ZRJ88RVHaBmCUVqBpV1iKqGaEFDu x4SvNrFFilOyqWq3LT73kpnS/4yRGBupiVZ0+tHuiQP0Bbygc5nY70w3XNR/+0366D +V/npm/DrM6bZ2XdoNEVYxwcwu7uYKtOWTn+ogXM=
Received: from [172.19.17.86] (bos-lpczi.kendall.corp.akamai.com [172.19.17.86]) by prod-mail-relay11.akamai.com (Postfix) with ESMTP id F044B1FCA0; Mon, 24 Apr 2017 23:29:12 +0000 (GMT)
To: Eric Rescorla <ekr@rtfm.com>, Ilari Liusvaara <ilariliusvaara@welho.com>
References: <CABcZeBP_0d+14_3SQ3sk+knytxpo4yxq5eYwGn++GC8H9BpUfw@mail.gmail.com> <20170424152422.GA18543@LK-Perkele-V2.elisa-laajakaista.fi> <CABcZeBOoFRwwKO7SqjgcVGMU2UneUiaNXGr4GRO=80C3tsxo-w@mail.gmail.com> <20170424161619.GA18783@LK-Perkele-V2.elisa-laajakaista.fi> <CABcZeBMriYeFZO5OJnBZvDbhw57V0F5_SBXwvcq8FAXTASa9Bw@mail.gmail.com> <CABcZeBO0pcysQuFPXoA44+LxGbOhRVC73UMHC7K6J2DTfB5gVA@mail.gmail.com>
Cc: "tls@ietf.org" <tls@ietf.org>
From: Benjamin Kaduk <bkaduk@akamai.com>
Message-ID: <9e60149e-65bb-d122-68dd-a17081e26247@akamai.com>
Date: Mon, 24 Apr 2017 18:29:12 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <CABcZeBO0pcysQuFPXoA44+LxGbOhRVC73UMHC7K6J2DTfB5gVA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------7782EF314DCB4A8265E7D36A"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/lJwb49dT0Op_Hk2BRV1_PQW-NWU>
Subject: Re: [TLS] Issue #964: Shortened HKDF labels
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Apr 2017 23:29:15 -0000

On 04/24/2017 06:21 PM, Eric Rescorla wrote:
> Based on Ilari's comments, it seems like we just lost 9 bytes, and the
> TLS 1.3, label was 9 bytes, so these cancel each other out and we have
> a total of 18 bytes to work with, including the label.
>
> Hence, the following proposal for the complete label, where the
> longest string is 18 bytes.
>
> 16 tls13 ext binder    #  was external psk binder key
> 16 tls13 res binder    #  was resumption psk binder key
> 17 tls13 c e traffic    #  was client early traffic secret
> 18 tls13 e exp master    #  was early exporter master secret
> 18 tls13 c hs traffic    #  was client handshake traffic secret
> 18 tls13 s hs traffic    #  was server handshake traffic secret
> 18 tls13 c ap traffic    #  was client application traffic secret
> 18 tls13 s ap traffic    #  was server application traffic secret
> 16 tls13 exp master    #  was exporter master secret
> 16 tls13 res master    #  was resumption master secret
> 9 tls13 key    #  was key
> 8 tls13 iv    #  was iv
> 14 tls13 finished    #  was finished
> 17 tls13 traffic upd    #  was application traffic secret
> 14 tls13 exporter    #  was exporter
> 13 tls13 derived    #  was derived
>
> Further bikeshedding?

I had something more olive-ish puce in mind ... but this is fine; ship it.

-Ben

v2.23.0 | Report a Bug | By Email