Re: [TLS] confirming the room’s consensus: adopt HKDF PRF for TLS 1.3

Yoav Nir <ynir.ietf@gmail.com> Wed, 01 April 2015 21:52 UTC

To: Sean Turner <TurnerS@ieca.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/r35bQ3Tghu_epVleN82NReOMDD8>
Cc: "<tls@ietf.org>" <tls@ietf.org>

I support this proposal.

I agree that the weakness with the current PRF is theoretical, but the cost is not significant and theoretical attacks sometimes morph into pretty demos with funky acronyms. Let’s not go there.

Yoav

> On Apr 1, 2015, at 9:00 PM, Sean Turner <TurnerS@ieca.com> wrote:
> 
> This message is to confirm the consensus reached @ the IETF 92 TLS session in Dallas and at the TLS Interim in Seattle to make the TLS 1.3 PRF be an HKDF-based PRF (see http://datatracker.ietf.org/doc/rfc5869/?include_text=1).
> 
> Please indicate whether or not you agree with the consensus by 2015-04-17.  If not, please indicate why.  Also, please note that we’re interested in uncovering new issues not rehashing issues already discussed.
> 
> Thanks - J&S