
[TLS] Buffering handshake messages for verify_data in the TLS 1.2 I-D



I have a question about verify_data in the current TLS 1.2 I-D
(draft-ietf-tls-rfc4346-bis-01.txt).

       struct {
           opaque verify_data[12];
       } Finished;

       verify_data
           PRF(master_secret, finished_label, MD5(handshake_messages) +
           SHA-1(handshake_messages)) [0..11];

I understand that verify_data is incorrectly specified -- we're
going to feed in the handshake messages directly.  But this
forces a TLS implementation to save the handshake messages until
the master secret has been computed.  In TLS 1.0/1.1, we can feed
in the handshake messages to MD5 and SHA-1 immediately and only
need to keep the "contexts" for the running MD5 and SHA-1 hash
operations around.  I didn't compare the memory usage of the two
schemes, but it's more programming work to buffer the handshake
messages until the master secret is available.

(In the NSS crypto library, the MD5 operation context is 88 bytes
and SHA-1 operation context is 160 or 248 bytes.)

Wan-Teh


