[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [TLS] Truncated HMAC

To: <mike-list@xxxxxxxxx>, <tls@xxxxxxxx>
Subject: RE: [TLS] Truncated HMAC
From: <Pasi.Eronen@xxxxxxxxx>
Date: Mon, 20 Nov 2006 15:52:02 +0200
Cc:
In-reply-to: <455CFC56.3070400@xxxxxxxxx>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
Thread-index: AccJ3PPKMzp0VAsNQ/KUUT9TNPbFewCy+K0g
Thread-topic: [TLS] Truncated HMAC

Mike <mike-list@xxxxxxxxx> wrote:

> Then I would propose changing "CipherSpec.hash_size" to 
> CipherSpec.mac_length so that "hash_size" does not have
> two related but different meanings.

The spec actually never defines a structure named "CipherSpec",
so we need some more changes to make this consistent (and yes,
this was inconsistent already in RFC2246...). Here's my 
proposal:

- Rename "CipherSpec.hash_size" with "SecurityParameters.mac_length"
- Add field called "mac_key_length" to SecurityParameters structure,
  and use this when defining client/server_write_MAC_secret
- Rename field "key_material_length" (in SecurityParameters) to
  "enc_key_length"

And other consistency corrections:

- Remove field "key_size" from SecurityParameters structure 
  (it's not used or mentioned anywhere in the document!)
- Replace "CipherSpec.cipher_type" with "SecurityParameters.
  cipher_type" (the field is already there)
- Replace "CipherSpec.block_length" with "SecurityParameters.
  block_length", and add field called "block_length" to 
  SecurityParameters.
- Replace "CipherSpec.iv_length" with "SecurityParameters.
  iv_length", and add field called "iv_length" to  
  SecurityParameters.

Best regards,
Pasi

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls

References:
- Re: [TLS] Truncated HMAC
  - From: Mike

Prev by Date: Re: [TLS] Serious crypto problem fixed by envelope HMAC method instead of currently used prefix
Next by Date: [TLS] PRF proposal
Previous by thread: Re: [TLS] Truncated HMAC
Next by thread: RE: [TLS] Truncated HMAC
Index(es):
- Date
- Thread