[TLS] PRF in TLS 1.2
Hi,

Could someone please post a description of what was decided
about the PRF in TLS 1.2 in the Montreal WG meeting?

The only documents I can find on this topic are:
- Slide 7 of Eric's presentation
  (http://www3.ietf.org/proceedings/06jul/slides/tls-1.pdf)
- Eric's TLS WG Summary
  http://www1.ietf.org/mail-archive/web/tls/current/msg00698.html

But I can't tell from the WG summary what was decided and whether
the proposal in Slide 7 was accepted.

I'd also like to know what new PRFs have been proposed, and who
the proponents are.

The reason I'm interested in the PRF issue is that TLS 1.0
required an official interpretation from NIST to be acceptable
for use in FIPS mode. (See the letter from William Burr of NIST
in IG 7.1, http://csrc.nist.gov/cryptval/140-1/FIPS1402IG.pdf .
Search for "Burr" or "TLS" in that document.) I hope we can
eliminate such FIPS compliance issues in TLS 1.2.

But it's not clear to me whether not using MD5 in the PRF would be
sufficient for the PRF to be FIPS compliant, or we'd also need
to use one of the KDFs specified in NIST SP 800-56A, Section 5.8.
(http://csrc.nist.gov/publications/nistpubs/800-56A/sp800-56A_May-3-06.pdf)

Wan-Teh Chang