[TLS] comment on draft-ietf-tls-session-hash-01

Nikos Mavrogiannopoulos <nmav@redhat.com> Mon, 29 September 2014 10:57 UTC

Message-ID: <1411988268.1922.37.camel@dhcp-2-127.brq.redhat.com>
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: draft-ietf-tls-session-hash@tools.ietf.org
Date: Mon, 29 Sep 2014 12:57:48 +0200
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/okshLjy7lqBi4hEXcgCGmnUZubI
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: [TLS] comment on draft-ietf-tls-session-hash-01

Hello,
The text in draft-ietf-tls-session-hash-01 specifies:

   "Implementation note: As described in Section 4, the "session_hash" is
   used in the extended master secret computation.  Hence, it must be
   possible to compute the session_hash before the master secret is
   computed.  In SSL 3.0, the master secret is first needed in the
   Client's CertificateVerify message.  Hence, it is widespread
   implementation practice to compute the master secret as soon as the
   "pre_master_secret" is available, typically immediately before or
   after sending the Client Key Exchange message."

My first comment is that this text is pretty confusing.

The second is to clarify my understanding. Does this text suggest that
for SSL 3.0, in order to calculate the "extended master secret", one must
first calculate the "master secret" it is supposed to replace?

If yes, I find the argument unconvincing for the introduction of such
complexity in the master secret calculation.

I suggest the following alternatives:
1. Do SSL 3.0 extended master secret calculation as in TLS 1.0 when this
extension is present
2. Explicitly state that SSL 3.0 is not in the scope of the document;
anyway, there is no real expectation of such an extension being
implemented in an SSL 3.0-only implementation.

regards,
Nikos
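As an added illustration (not part of Nikos's message, the draft, or any implementation), the following shows the two derivations the draft's note contrasts, using the TLS 1.2 PRF of RFC 5246 and the labels from RFC 7627 (the published form of draft-ietf-tls-session-hash): the classic master secret is keyed on the two Hello randoms, while the extended master secret is keyed on the session_hash of the handshake transcript and never needs the classic master secret at all. The pre_master_secret, randoms and transcript bytes are constructed placeholders, not real TLS encodings.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion from RFC 5246, Section 5."""
    out = b""
    a = hmac.new(secret, seed, hashlib.sha256).digest()        # A(1)
    while len(out) < length:
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
        a = hmac.new(secret, a, hashlib.sha256).digest()        # A(i+1)
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)

def master_secret(pms: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Classic RFC 5246 master secret: bound only to the two 32-byte randoms."""
    return prf(pms, b"master secret", client_random + server_random, 48)

def session_hash(handshake_messages: bytes) -> bytes:
    """Hash of all handshake messages up to and including ClientKeyExchange,
    using the PRF hash (SHA-256 for this cipher suite family)."""
    return hashlib.sha256(handshake_messages).digest()

def extended_master_secret(pms: bytes, handshake_messages: bytes) -> bytes:
    """RFC 7627 extended master secret: bound to the whole transcript."""
    return prf(pms, b"extended master secret", session_hash(handshake_messages), 48)

def compare_bindings() -> dict:
    """Two handshakes that share randoms and pre_master_secret but differ in
    the server's certificate: the classic secret cannot tell them apart,
    the extended one can.  All values below are constructed placeholders."""
    pms = bytes(range(48))
    c_rand, s_rand = b"\x11" * 32, b"\x22" * 32
    transcript_a = b"ClientHello" + c_rand + b"ServerHello" + s_rand + b"Certificate:A" + b"ClientKeyExchange"
    transcript_b = b"ClientHello" + c_rand + b"ServerHello" + s_rand + b"Certificate:B" + b"ClientKeyExchange"
    return {
        "classic_equal": master_secret(pms, c_rand, s_rand) == master_secret(pms, c_rand, s_rand),
        "extended_equal": extended_master_secret(pms, transcript_a) == extended_master_secret(pms, transcript_b),
    }

if __name__ == "__main__":
    print(compare_bindings())
```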