[TLS] What does it mean to not include 0-RTT message in the handshake hash?
Christian Huitema <huitema@microsoft.com> Tue, 22 December 2015 01:49 UTC
Return-Path: <huitema@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89E411AD066 for <tls@ietfa.amsl.com>; Mon, 21 Dec 2015 17:49:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aXxEmkYCuNKe for <tls@ietfa.amsl.com>; Mon, 21 Dec 2015 17:49:34 -0800 (PST)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0145.outbound.protection.outlook.com [65.55.169.145]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 711B01AD063 for <tls@ietf.org>; Mon, 21 Dec 2015 17:49:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=yfRHxyx32MtpL44xe646MEddPc84HEKyLD0aZnf6NJk=; b=HAM9Mggijdc/nr7acVFiFfCUHT2zmzXoXevgAzaeLNKPaeLpXD/DG3TJegNhTRkBPg8Fj9rdqZ808fibKS6TKcG7wC8XcUP2mANj/TaxrnNi/YlKP8kJIXy0lBiiqsHsPFG7qpZ986JjP3nWy1Yxu8Z29P8sVDis88OvevxV6S0=
Received: from DM2PR0301MB0655.namprd03.prod.outlook.com (10.160.96.17) by DM2PR0301MB0653.namprd03.prod.outlook.com (10.160.96.15) with Microsoft SMTP Server (TLS) id 15.1.361.13; Tue, 22 Dec 2015 01:49:32 +0000
Received: from DM2PR0301MB0655.namprd03.prod.outlook.com ([10.160.96.17]) by DM2PR0301MB0655.namprd03.prod.outlook.com ([10.160.96.17]) with mapi id 15.01.0361.006; Tue, 22 Dec 2015 01:49:32 +0000
From: Christian Huitema <huitema@microsoft.com>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: What does it mean to not include 0-RTT message in the handshake hash?
Thread-Index: AdE8WUzTusUbdu5EQyy4pojDDNAspQ==
Date: Tue, 22 Dec 2015 01:49:32 +0000
Message-ID: <DM2PR0301MB06555FC15830293E0C4E381AA8E50@DM2PR0301MB0655.namprd03.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=huitema@microsoft.com;
x-originating-ip: [131.107.160.143]
x-microsoft-exchange-diagnostics: 1; DM2PR0301MB0653; 5:tIFDYKAPV7QmEeu05Mpv65G1VP1OOTt9TSneGFsUOMH8esmx8SeyXAPWcHAihOWMRo6DO74yCRohtvH3LePFY4OS1gsqs2JBkVxqdBvpt09cGe0ZGzzCI4bwMtOM7bw6COz8GpsV9Kzskv0fHv7//Q==; 24:lXn7eRLuLIQQVxId0Was+E2eA1dX1+cRge5nArcscL70mBVsqO/L5+b5YjGrzdDDK3XQdddpXB3e37HJ/iTSIlU0Pisf/VJuZ7daYJXUl20=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DM2PR0301MB0653;
x-o365eop-header: O365_EOP: Allow for Unauthenticated Relay
x-o365ent-eop-header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
x-microsoft-antispam-prvs: <DM2PR0301MB0653A09AD3EE690422C8A572A8E50@DM2PR0301MB0653.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(601004)(2401047)(520078)(5005006)(8121501046)(3002001)(10201501046)(61426038)(61427038); SRVR:DM2PR0301MB0653; BCL:0; PCL:0; RULEID:; SRVR:DM2PR0301MB0653;
x-forefront-prvs: 0798146F16
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(199003)(189002)(76576001)(5004730100002)(40100003)(50986999)(86362001)(66066001)(77096005)(102836003)(3846002)(54356999)(86612001)(87936001)(5008740100001)(2900100001)(122556002)(5002640100001)(92566002)(5003600100002)(6116002)(10290500002)(10400500002)(5005710100001)(450100001)(8990500004)(2501003)(1730700002)(81156007)(110136002)(5001960100002)(229853001)(189998001)(107886002)(10090500001)(74316001)(97736004)(99286002)(586003)(33656002)(11100500001)(1220700001)(2351001)(1096002)(101416001)(106356001)(105586002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0301MB0653; H:DM2PR0301MB0655.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Dec 2015 01:49:32.5278 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0301MB0653
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/yjIwm4CHHddNSiAlWREHcQwsIdY>
Subject: [TLS] What does it mean to not include 0-RTT message in the handshake hash?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Dec 2015 01:49:36 -0000
The handshake hash specification in section 7.1 says: Where handshake_hash includes all messages up through the server CertificateVerify message, but not including any 0-RTT handshake messages (the server's Finished is not included because the master_secret is need to compute the finished key). What are the 0-RTT handshake messages that should be excluded? The diagram in 6.2.2 shows the client hello and its extensions, the optional client cert and client cert verify, and a finished message. Presumably, the handshake hash does not exclude the client hello. What is the intent there? Is the sentence meant to exclude the 0-RTT cert, cert verify and finished messages? -- Christian Huitema
- [TLS] What does it mean to not include 0-RTT mess… Christian Huitema
- Re: [TLS] What does it mean to not include 0-RTT … Eric Rescorla
- Re: [TLS] What does it mean to not include 0-RTT … Christian Huitema
- Re: [TLS] What does it mean to not include 0-RTT … Martin Thomson
- Re: [TLS] What does it mean to not include 0-RTT … Dave Garrett
- Re: [TLS] What does it mean to not include 0-RTT … Eric Rescorla
- Re: [TLS] What does it mean to not include 0-RTT … Christian Huitema
- Re: [TLS] What does it mean to not include 0-RTT … Dave Garrett
- Re: [TLS] What does it mean to not include 0-RTT … Eric Rescorla
- Re: [TLS] What does it mean to not include 0-RTT … Eric Rescorla
- Re: [TLS] What does it mean to not include 0-RTT … Dave Garrett
- Re: [TLS] What does it mean to not include 0-RTT … Eric Rescorla
- Re: [TLS] What does it mean to not include 0-RTT … Dave Garrett
- Re: [TLS] What does it mean to not include 0-RTT … Eric Rescorla
- Re: [TLS] What does it mean to not include 0-RTT … Ilari Liusvaara
- Re: [TLS] What does it mean to not include 0-RTT … Eric Rescorla
- Re: [TLS] What does it mean to not include 0-RTT … Dave Garrett
- Re: [TLS] What does it mean to not include 0-RTT … Christian Huitema
- Re: [TLS] What does it mean to not include 0-RTT … Dave Garrett
- Re: [TLS] What does it mean to not include 0-RTT … Eric Rescorla
- Re: [TLS] What does it mean to not include 0-RTT … Ilari Liusvaara
- Re: [TLS] What does it mean to not include 0-RTT … Eric Rescorla
- Re: [TLS] What does it mean to not include 0-RTT … Christian Huitema
- Re: [TLS] What does it mean to not include 0-RTT … Ilari Liusvaara