[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] PRF in TLS 1.2

To: tls@xxxxxxxx
Subject: Re: [TLS] PRF in TLS 1.2
From: Wan-Teh Chang <wtchang@xxxxxxxxxx>
Date: Wed, 27 Sep 2006 07:30:39 -0700
Cc:
In-reply-to: <86k6403hqq.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <450F222D.2020706@xxxxxxxxxx> <86k6403hqq.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxx>
User-agent: Thunderbird 2.0b1pre (Windows/20060923)

Eric Rescorla wrote:


The new PRFs that people seem interested in are:

1. The GOST PRF (draft-chudov-cryptopro-cptls-03.txt)


The GOST PRF, PRF_GOSTR3411, is defined in RFC 4357 as

  PRF_GOSTR3411(secret,label,seed) = P_GOSTR3411 (secret,label|seed)

  where '|' stands for concatenation.

It is actually an instance of the default TLS 1.2 PRF,
with <hash> = the GOST R 34.11-94 hash function.  This
isn't a coincidence, is it?

2. The FIPS 800-56A KDF.


Appendix A, Item 8 of NIST SP 800-56A says this KDF
comes from ANS X9.42 and X9.63, but NIST made some minor
(and perhaps subtle) changes (e.g., the order of the counter
and secret is reversed).  I don't know if this KDF is
used in any other standard or protocol.

Perhaps we should ask NIST if P_SHA-1, P_SHA-256, and
P_SHA-384 are allowed in TLS in FIPS mode.

Wan-Teh


_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls

References:
- [TLS] PRF in TLS 1.2
  - From: Wan-Teh Chang
- Re: [TLS] PRF in TLS 1.2
  - From: Eric Rescorla

Prev by Date: [TLS] Buffering handshake messages for verify_data in the TLS 1.2 I-D
Previous by thread: Re: [TLS] PRF in TLS 1.2
Next by thread: RE: [TLS] PRF in TLS 1.2
Index(es):
- Date
- Thread