[TLS] PRF proposal



Hi,

We had a rather complicated discussion about the PRF issue in San
Diego, and in the end we did not take a hum because it was not quite
clear what the alternatives we would be choosing from really are (or
whether the proposed alternatives really were different at all).

Here's a strawman proposal that tries to capture the comments
made in San Diego:

o  Future documents that define ciphersuites must explicitly say 
   either that (1) "the ciphersuites defined in this document use 
   the default PRF for the negotiated TLS version", or (2) "the 
   ciphersuites defined in this document use the following PRF: 
   (details of the PRF)".

   Especially documents that use something better than SHA-256 for
   integrity protection should use the latter choice (presumably
   defining a PRF based on the algorithm it considered "better
   than SHA-256"). Other documents might prefer choice 1 since 
   that would avoid updating them if someday we define TLS 1.3 
   or something.

o  In 4346bis, define the "default PRF for TLS 1.2" as P_SHA256.

o  In 4346bis, specify that all ciphersuites defined in old 
   documents predating the above-mentioned requirement use 
   choice 1 ("the default PRF for the negotiated TLS version").
   (Already implied by the earlier decision.)

o  Specify that all ciphersuites defined in 4346bis use choice 1.

Would this be satisfactory to everyone? Any other comments?

Best regards,
Pasi

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls
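
Added example, not part of the original message and not taken from any TLS implementation: a Python sketch of the selection rule the proposal describes, where a ciphersuite either inherits the default PRF of the negotiated version (choice 1) or names its own (choice 2), together with the P_hash construction from RFC 5246. The suite names, the table layout and the use of a SHA-384 PRF as the "choice 2" stand-in are assumptions made for illustration.

```python
import hmac

def p_hash(hash_name, secret, seed, length):
    """P_hash expansion (RFC 5246 section 5): A(0)=seed, A(i)=HMAC(secret, A(i-1))."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]

def prf_sha256(secret, label, seed, length):
    """The proposed "default PRF for TLS 1.2": P_SHA256 over label + seed."""
    return p_hash("sha256", secret, label + seed, length)

def prf_sha384(secret, label, seed, length):
    """Stand-in for a PRF that a ciphersuite document defines itself (choice 2)."""
    return p_hash("sha384", secret, label + seed, length)

def prf_md5_sha1(secret, label, seed, length):
    """Default PRF of TLS 1.0/1.1 (RFC 2246/4346): P_MD5(S1) XOR P_SHA-1(S2)."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))

# Default PRF per negotiated protocol version (major, minor).
DEFAULT_PRF = {(3, 1): prf_md5_sha1, (3, 2): prf_md5_sha1, (3, 3): prf_sha256}

# Constructed suite names. None = choice 1, a function = choice 2.
SUITE_PRF = {"EXAMPLE_SUITE_DEFAULT_PRF": None, "EXAMPLE_SUITE_OWN_PRF": prf_sha384}

def resolve_prf(suite, version):
    """Return the PRF both peers must use for this suite and negotiated version."""
    if suite not in SUITE_PRF:
        raise ValueError("unknown ciphersuite: %r" % suite)
    own = SUITE_PRF[suite]
    if own is not None:
        return own
    if version not in DEFAULT_PRF:
        raise ValueError("no default PRF for version %r" % (version,))
    return DEFAULT_PRF[version]

def key_block(suite, version, master_secret, server_random, client_random, n):
    """key_block = PRF(master_secret, "key expansion", server_random + client_random)."""
    prf = resolve_prf(suite, version)
    return prf(master_secret, b"key expansion", server_random + client_random, n)
```

The same choice-1 suite yields different key material under TLS 1.1 and TLS 1.2, so both peers have to resolve the PRF from the negotiated version and not from the suite alone.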