Re: [TLS] PRF in 1.3
mrex@sap.com (Martin Rex) Thu, 31 July 2014 16:23 UTC
In-Reply-To: <201407281624.10986.davemgarrett@gmail.com>
To: Dave Garrett <davemgarrett@gmail.com>
Date: Thu, 31 Jul 2014 18:22:47 +0200
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20140731162247.6D6301ADDA@ld9781.wdf.sap.corp>
From: mrex@sap.com
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/uRjTRatq-ivUGDZaftmF4cGqnzI
Cc: tls@ietf.org
Subject: Re: [TLS] PRF in 1.3
Dave Garrett wrote:
>
> https://github.com/tlswg/tls13-spec/issues/26
>
> Issue #26 notes complication with the usage of a negotiable PRF. The
> current suggestion mentioned was to consider removing PRF
> negotiation in favor of SHA-256, calling it "good enough" until the next
> protocol version.

The PRF was already negotiable (i.e. depending on the cipher suite) in
TLSv1.0. While this isn't spelled out in the TLSv1.0 spec, it is clear
from the TLS WG discussions about TLSv1.0, and there is nothing in the
TLSv1.0 spec that precludes it.

There are implementations in active use with GOST-based TLS cipher suites,
which replace the TLS PRF (and the hashes used within), and this is used
with TLSv1.0. The I-D describing the cipher suites has never been
completed, though:

  http://tools.ietf.org/html/draft-chudov-cryptopro-cptls-04

and there also exist no code point assignments in the TLS registry, so
using this with TLSv1.2 is not possible (only TLSv1.0 and TLSv1.1).

The GOST signature algorithms described in that I-D have also been
superseded by more recent ones, but there currently is no description
for those either.

Our TLS (v1.0) implementation contains a plugin interface which can
replace the TLS PRF, just like Microsoft Windows XP(!) has such an
interface. AFAIK, OpenSSL 1.0.0 also had support for GOST ciphersuites
from the above draft.

-Martin
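To make concrete what "negotiable PRF depending on the cipher suite" means in practice, here is an added example (not code from the thread, SAP's implementation, or OpenSSL) of the TLS 1.2 PRF from RFC 5246 section 5, P_<hash> expansion keyed off the negotiated cipher suite. The suite-to-hash table, the plugin-style registry, and all key material are constructed for illustration; the structure mirrors the plugin interface Martin describes, where a suite can swap in a different PRF rather than only a different hash.

```python
import hmac
import hashlib


def p_hash(hash_name, secret, seed, length):
    """RFC 5246 P_<hash>(secret, seed): HMAC-based expansion to `length` bytes.

    A(0) = seed, A(i) = HMAC_hash(secret, A(i-1))
    output = HMAC_hash(secret, A(1) + seed) || HMAC_hash(secret, A(2) + seed) || ...
    """
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def make_tls12_prf(hash_name):
    """Return a PRF(secret, label, seed, length) bound to one hash function."""
    def prf(secret, label, seed, length):
        return p_hash(hash_name, secret, label + seed, length)
    return prf


# Plugin-style registry (constructed for this example): a cipher suite maps to
# a whole PRF callable, so a suite could register something other than
# P_SHA256/P_SHA384 without touching the key-derivation code below.
# TLS 1.2 default is SHA-256; the AES-256-GCM suites of RFC 5289 use SHA-384.
PRF_BY_SUITE = {
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": make_tls12_prf("sha256"),
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": make_tls12_prf("sha384"),
}
DEFAULT_PRF = make_tls12_prf("sha256")


def prf_for_suite(suite):
    return PRF_BY_SUITE.get(suite, DEFAULT_PRF)


def derive_master_secret(suite, pre_master_secret, client_random, server_random):
    """RFC 5246 section 8.1: master_secret = PRF(pms, "master secret", CR + SR)[0..47]."""
    prf = prf_for_suite(suite)
    return prf(pre_master_secret, b"master secret", client_random + server_random, 48)


if __name__ == "__main__":
    # Constructed sample inputs, not real handshake values.
    pms = bytes(range(48))
    cr = b"\x11" * 32
    sr = b"\x22" * 32
    for suite in PRF_BY_SUITE:
        print(suite, derive_master_secret(suite, pms, cr, sr).hex())
```

The derivation code never names a hash; it asks the registry for the suite's PRF and calls it. Changing the negotiated suite changes the master secret even for identical inputs, which is exactly the property a fixed-SHA-256 PRF would remove.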