Re: [TLS] PRF in 1.3

Andrey Jivsov <crypto@brainhub.org> Thu, 07 August 2014 05:37 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/txpi7RM3_Of32TBANZuj0qEZfUI

On 08/06/2014 01:10 PM, Michael StJohns wrote:
> I think you're still missing the point - the PRF *is* used as a
> signature function over a hash.  If the PRF were used as an HMAC
> signature function over the raw handshake data, it would be as secure as
> the HMAC (which is 256 bits for SHA256) underlying the PRF, but since
> you're signing the hash of the handshake data, you've no more security
> than the collision resistance of the hash which is 128 bits for SHA256.

For the hash function collision over a handshake to be a problem there
should be a setting in which a collision of the hash output value
over *any* two handshakes poses a problem.

Statements about *this* particular handshake still fall under MAC usage. 
This case seems to apply here because each peer is hashing "his" packets 
and that is the hash value that needs to match.
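
The two cases contrasted in this exchange, as an added example that is not part of either message: a keyed PRF computed over a hash of the handshake, with a search for *any* two colliding transcripts next to a search for a match against one *particular* transcript. Assumptions: the Finished construction and PRF are the TLS 1.2 ones from RFC 5246, the hash is SHA-256 truncated to 16 bits so both searches finish quickly, and the transcripts and master secret are constructed placeholders.

```python
import hashlib
import hmac
from itertools import count

TOY_BITS = 16  # assumption: toy digest size so both searches finish quickly

def toy_hash(data: bytes) -> bytes:
    """SHA-256 truncated to TOY_BITS; stands in for the handshake hash."""
    return hashlib.sha256(data).digest()[:TOY_BITS // 8]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (P_SHA256) as defined in RFC 5246, section 5."""
    seed = label + seed
    a, out = seed, b""
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def verify_data(master_secret: bytes, transcript_bytes: bytes) -> bytes:
    """Finished value: the PRF is keyed, but its only input is the hash."""
    return prf(master_secret, b"client finished", toy_hash(transcript_bytes), 12)

def transcript(i: int) -> bytes:
    """Constructed stand-in for a handshake transcript, varied by a counter."""
    return b"constructed-handshake-" + str(i).encode()

def any_two_collision():
    """Birthday search: any two transcripts with equal hash (~2^(n/2) tries)."""
    seen = {}
    for i in count():
        h = toy_hash(transcript(i))
        if h in seen:
            return transcript(seen[h]), transcript(i), i + 1
        seen[h] = i

def match_this_transcript(target: bytes):
    """Second preimage: another transcript matching one fixed hash (~2^n tries)."""
    want = toy_hash(target)
    for i in count():
        cand = b"other-handshake-" + str(i).encode()
        if toy_hash(cand) == want:
            return cand, i + 1

if __name__ == "__main__":
    ms = b"\x0b" * 48  # constructed master secret
    a, b, n1 = any_two_collision()
    c, n2 = match_this_transcript(transcript(0))
    print(n1, verify_data(ms, a) == verify_data(ms, b))
    print(n2, verify_data(ms, c) == verify_data(ms, transcript(0)))
```

In both searches the keyed PRF output is identical once the hashes match, without the searcher knowing the master secret; the two cases differ only in how many hash evaluations it takes to get there.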