[TLS] New drafts: adding input to the TLS master secret

Paul Hoffman <paul.hoffman@vpnc.org> Sat, 30 January 2010 00:11 UTC


Greetings again. I have submitted two drafts that are probably of interest to some people in the TLS WG. I intend to submit them as individual submissions, not through the WG, but getting input from the WG before I do so would be great.

The first document changes the TLS/DTLS master secret calculation when there are particular kinds of extensions present. Of course, it does not change the calculation when those extensions are not present, and there are no extensions yet that would kick in the change.

The second document is an extension that is similar to the one that Ekr proposed over a year ago. It allows one or both parties to add more random input to the master secret calculation. This is desired by some organizations who want to match the guaranteed amount of randomness in the master secret calculation with the strength of the encryption and authentication functions.

Both documents are (purposely) short and hopefully easy to read. If you have any comments, send them to me or, if you think they pertain to the WG, maybe send them here. Again, these are not meant to be WG work items; I doubt that the effort to recharter and so on would be worth the value.

--Paul Hoffman

	Title		: Additional Master Secret Inputs for TLS
	Author(s)	: P. Hoffman
	Filename	: draft-hoffman-tls-master-secret-input-00.txt
	Pages		: 4
	Date		: 2010-1-29
   This document describes a mechanism for using additional master
   secret inputs with Transport Layer Security (TLS) and Datagram TLS

A URL for this Internet-Draft is:

	Title		: Additional Random Extension to TLS
	Author(s)	: P. Hoffman
	Filename	: draft-hoffman-tls-additional-random-ext-00.txt
	Pages		: 3
	Date		: 2010-1-29
   This document specifies a TLS/DTLS extension that uses the additional
   master secret inputs to achieve useful security properties.

A URL for this Internet-Draft is:

--Paul Hoffman, Director
--VPN Consortium