Re: [TLS] confirming the room’s consensus: adopt HKDF PRF for TLS 1.3

Russ Housley <housley@vigilsec.com> Wed, 01 April 2015 19:20 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 628241A8A76 for <tls@ietfa.amsl.com>; Wed, 1 Apr 2015 12:20:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.6
X-Spam-Level:
X-Spam-Status: No, score=-101.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, USER_IN_WHITELIST=-100] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YWrQbSHMn6-Y for <tls@ietfa.amsl.com>; Wed, 1 Apr 2015 12:20:33 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 6F4E71A1AA8 for <tls@ietf.org>; Wed, 1 Apr 2015 12:20:16 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 044C29A401B for <tls@ietf.org>; Wed, 1 Apr 2015 15:20:06 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id x0RrQhXrBMnS for <tls@ietf.org>; Wed, 1 Apr 2015 15:19:45 -0400 (EDT)
Received: from [192.168.2.100] (pool-96-255-133-185.washdc.fios.verizon.net [96.255.133.185]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 0BFB89A4021 for <tls@ietf.org>; Wed, 1 Apr 2015 15:19:45 -0400 (EDT)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Apple Message framework v1085)
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <4A5C6D8F-6A28-4374-AF1F-3B202738FB1D@ieca.com>
Date: Wed, 01 Apr 2015 15:19:33 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <B34B04D9-6ED4-47A4-9E3D-1AC05B55B533@vigilsec.com>
References: <4A5C6D8F-6A28-4374-AF1F-3B202738FB1D@ieca.com>
To: IETF TLS <tls@ietf.org>
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/nCgFiuSLDCrdcGe-9_9eCYOXroI>
Subject: Re: [TLS] confirming the room’s consensus: adopt HKDF PRF for TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Apr 2015 19:20:34 -0000

The hum in the room showed overwhelming support for HKDF.

One detail that was not discussed because we were running out of time is important to me (and may be important to others).  SHA-256 would be the MTI.  Is an alternative hash function chosen based on the cipher suite or some other mechanism?

Russ


On Apr 1, 2015, at 2:00 PM, Sean Turner wrote:

> This message is to confirm the consensus reached @ the IETF 92 TLS session in Dallas and at the TLS Interim in Seattle to make the TLS 1.3 PRF be an HKDF-based PRF (see http://datatracker.ietf.org/doc/rfc5869/?include_text=1)
> 
> Please indicate whether or not you agree with the consensus by 2015-04-17.  If not, please indicate why.  Also, please note that we’re interested in uncovering new issues not rehashing issues already discussed.
> 
> Thanks - J&S
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls