RE: [TLS] PRF in TLS 1.2
Peter Gutmann wrote:
> This is a completely unnecessary change, it gratuitously breaks
> compatibility with the existing PRF, it provides no extra security
> (that anyone knows of), and by eliminating the current
> belt-and-suspenders design, it may even reduce the overall security.
> If new research appears showing that (a) there's a problem in the
> current design and (b) a new, demonstrably more secure design, then
> let's switch. But changing the design simply because we haven't
> changed anything else for a while and we need to meet some quota for
> new text in the next draft (or whatever's motivating the current
> change) is not only pointless, it's counterproductive.
Our WG charter explicitly warns about "gratuitous changes", and
I guess you're worried that this is such a change? But I'd like
to understand better your dislike of Eric's proposal...
Would you prefer that the default PRF (for ciphersuites that
don't specify anything else, including all current ciphersuites)
be the current TLS 1.0/1.1 PRF?
But still allow new cipher suites to define other PRFs, as long
as they use the same "API" (arbitrary-length secret, label and
seed in, sufficiently-long byte string out)?
Best regards,
Pasi
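To make the "same API" point concrete, here is an added illustration (not code from the thread or from any TLS implementation): the TLS 1.0/1.1 belt-and-suspenders PRF (P_MD5 over one half of the secret XORed with P_SHA1 over the other, per RFC 2246) and a single-hash P_SHA256 PRF of the kind TLS 1.2 later standardised, both behind one (secret, label, seed, length) signature so a cipher-suite table can select either. The secret bytes, seed and suite names are constructed sample values.

```python
import hmac
from typing import Callable, Dict

# Constructed sample inputs for this demonstration (not values from the thread).
SECRET = b"\x01\x23\x45\x67\x89\xab\xcd\xef" * 3      # stand-in for a 24-byte master secret
LABEL = b"key expansion"
SEED = b"constructed server+client random bytes"

def p_hash(hash_name: str, secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash (RFC 2246 section 5): A(0) = seed, A(i) = HMAC(secret, A(i-1));
    output block i = HMAC(secret, A(i) + seed); truncated to `length` bytes."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]

def xor_bytes(x: bytes, y: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(x, y))

def tls10_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.0/1.1 PRF: secret split into halves S1/S2 (an odd-length secret shares
    its middle byte), then P_MD5(S1, label+seed) XOR P_SHA1(S2, label+seed).
    The belt-and-suspenders property: both MD5 and SHA-1 must fail for this to fail."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    return xor_bytes(p_hash("md5", s1, label + seed, length),
                     p_hash("sha1", s2, label + seed, length))

def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """Single-hash PRF as TLS 1.2 later standardised (RFC 5246: P_SHA256 over the
    whole secret). Same signature as tls10_prf, so a suite may select either."""
    return p_hash("sha256", secret, label + seed, length)

# The "API" Pasi describes: (secret, label, seed, length) in, bytes out. A cipher-suite
# table can therefore name its PRF while the key-expansion code stays unchanged.
PRF = Callable[[bytes, bytes, bytes, int], bytes]
CIPHER_SUITE_PRF: Dict[str, PRF] = {
    "legacy-suite (default PRF)": tls10_prf,        # constructed suite names
    "new-suite (suite-defined PRF)": tls12_prf,
}

def derive_key_block(suite: str, secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return CIPHER_SUITE_PRF[suite](secret, label, seed, length)

if __name__ == "__main__":
    for suite in CIPHER_SUITE_PRF:
        print(suite, derive_key_block(suite, SECRET, LABEL, SEED, 48).hex())
```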
_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls