Re: [TLS] Exporter output size
Andrei Popov <Andrei.Popov@microsoft.com> Wed, 05 October 2016 17:35 UTC
Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58A8E129717 for <tls@ietfa.amsl.com>; Wed, 5 Oct 2016 10:35:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.021
X-Spam-Level:
X-Spam-Status: No, score=-2.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UZtfsdTv5klO for <tls@ietfa.amsl.com>; Wed, 5 Oct 2016 10:35:33 -0700 (PDT)
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-sn1nam01on0119.outbound.protection.outlook.com [104.47.32.119]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17FAB1293DC for <tls@ietf.org>; Wed, 5 Oct 2016 10:35:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=qdkHF1wuUZKDViBuNJp2KigfMDMgBVeLrU1AvOn8rgc=; b=kM3RgUAFneQ2i0Hp0s+5Nh8SNBQiBEkBuchRlG57ia9pUepXXoct1gez1taZ3i/6s5byGtXg1DINIvC2kwzdKnPIvnE4EuOVauoUl6zhzG6z7pIT+TPmcK8iThzqqhOpScGWOBrKANdDyoTUi1L0+PVLlmx9C2vtRgjnq1Il+5U=
Received: from CY1PR0301MB0842.namprd03.prod.outlook.com (10.160.163.148) by CY1PR0301MB0842.namprd03.prod.outlook.com (10.160.163.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.649.16; Wed, 5 Oct 2016 17:35:31 +0000
Received: from CY1PR0301MB0842.namprd03.prod.outlook.com ([10.160.163.148]) by CY1PR0301MB0842.namprd03.prod.outlook.com ([10.160.163.148]) with mapi id 15.01.0649.021; Wed, 5 Oct 2016 17:35:31 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Eric Rescorla <ekr@rtfm.com>, Martin Thomson <martin.thomson@gmail.com>
Thread-Topic: [TLS] Exporter output size
Thread-Index: AQHSHqhd5Z8e+0GkCUmnlUJ4uTWLHaCZOXwAgADlPrA=
Date: Wed, 05 Oct 2016 17:35:31 +0000
Message-ID: <CY1PR0301MB08422FB26D2F18372A4451C68CC40@CY1PR0301MB0842.namprd03.prod.outlook.com>
References: <CABkgnnVc2uegQX1zdFamBtkDfzw9k3aBx6xFbNH4PpgWScALew@mail.gmail.com> <CABcZeBMLbDv2oOu-GFdmm2cYNbNsrocnZ5KdW4D5HBbXdAEK1g@mail.gmail.com>
In-Reply-To: <CABcZeBMLbDv2oOu-GFdmm2cYNbNsrocnZ5KdW4D5HBbXdAEK1g@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Andrei.Popov@microsoft.com;
x-originating-ip: [2001:4898:80e8:a::1d2]
x-ms-office365-filtering-correlation-id: 9540558e-3447-4abd-455e-08d3ed460182
x-microsoft-exchange-diagnostics: 1; CY1PR0301MB0842; 7:1sqZJHw4esX3GiO+mmjTWLUOGotHPJL1LfLyQ/xtNUscmz1P7NMYhsJXsTYIMlJBZ8tSWhTYw4nB4lQoFX/A70vJgvqN1p1aDWxukqZmmZIs06WOxEUKswOHuUsURkTxM8QPi/FehRDEHH/H4Ixn80dvmj5Kz/q8Swmlgd0QN3h4nudYXJHc0ll3kRxkrS6yUgeCx6m9ZMD98kGzP1Nw0rdRylIrdatW+owFzkPGL9AlV0dF6tgnURIskl0ZaK3pnwjBTmgkmcDp04g3OcVMyRQuz3RgAEOlifCApvHYMPtXP81QGrbffvt4LmLN7gUpjB3qM6Ks7Z0ui4Pexa5Z+g==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR0301MB0842;
x-microsoft-antispam-prvs: <CY1PR0301MB084206E13CC5069F6FC15AD78CC40@CY1PR0301MB0842.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040176)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6055026)(61426038)(61427038); SRVR:CY1PR0301MB0842; BCL:0; PCL:0; RULEID:; SRVR:CY1PR0301MB0842;
x-forefront-prvs: 008663486A
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(979002)(7916002)(377454003)(199003)(189002)(24454002)(2900100001)(86362001)(7906003)(106356001)(99286002)(106116001)(7736002)(7846002)(86612001)(74316002)(4326007)(790700001)(105586002)(586003)(15975445007)(2906002)(8990500004)(6116002)(3660700001)(19580405001)(102836003)(87936001)(19609705001)(189998001)(19617315012)(122556002)(10290500002)(77096005)(19580395003)(8676002)(92566002)(5005710100001)(54356999)(68736007)(10400500002)(5002640100001)(2950100002)(11100500001)(3280700002)(101416001)(9686002)(5001770100001)(8936002)(97736004)(10090500001)(81156014)(76176999)(33656002)(19300405004)(16236675004)(76576001)(81166006)(19625215002)(50986999)(5660300001)(7696004)(3826002)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR0301MB0842; H:CY1PR0301MB0842.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY1PR0301MB08422FB26D2F18372A4451C68CC40CY1PR0301MB0842_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Oct 2016 17:35:31.5678 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0301MB0842
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/sXEFA77QloHPoAzJ_20aSd_kGUc>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Exporter output size
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Oct 2016 17:35:35 -0000
Also, it would be difficult to remove existing functionality, and get the callers to update. E.g. deprecation of TLS_UNIQUE is not going easy for apps/protocols. Cheers, Andrei From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Eric Rescorla Sent: Tuesday, October 4, 2016 8:49 PM To: Martin Thomson <martin.thomson@gmail.com> Cc: tls@ietf.org Subject: Re: [TLS] Exporter output size On Tue, Oct 4, 2016 at 6:32 PM, Martin Thomson <martin.thomson@gmail.com<mailto:martin.thomson@gmail.com>> wrote: After a bunch of discussion about the consequences of having insufficient output from various stages of the hash functions... Could we make an amendment to TLS 1.3 to force the output size of the exporter to be the size of the underlying hash output? That is, remove the length parameter. Or is a change to the API too disruptive? I don't think this is a good idea. There are plenty of reasons why you would want to export values != hash_len (e.g., cryptographic keys). Putting a restriction here just pushes the problem around -Ekr _______________________________________________ TLS mailing list TLS@ietf.org<mailto:TLS@ietf.org> https://www.ietf.org/mailman/listinfo/tls
- [TLS] Exporter output size Martin Thomson
- Re: [TLS] Exporter output size Eric Rescorla
- Re: [TLS] Exporter output size Andrei Popov