[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] Last look at TLS 1.2

To: <Pasi.Eronen@xxxxxxxxx>
Subject: Re: [TLS] Last look at TLS 1.2
From: Eric Rescorla <ekr@xxxxxxxxxxxxxxxxxxxx>
Date: Fri, 01 Feb 2008 07:58:55 -0800
Cc: tls@xxxxxxxx
Delivered-to: tls@xxxxxxxxxxxxxx
In-reply-to: <B356D8F434D20B40A8CEDAEC305A1F240533CCA1@xxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <http://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <http://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <B356D8F434D20B40A8CEDAEC305A1F240533CC73@xxxxxxxxxxxxxxxxxxxxxx> <B356D8F434D20B40A8CEDAEC305A1F240533CCA1@xxxxxxxxxxxxxxxxxxxxxx>
Sender: tls-bounces@xxxxxxxx
User-agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)

OK, I've now fixed this stuff in my local copy. I propose we wait
and see if anyone else has anything by like Monday and otherwise
I'll roll -10 and we can submit to Tim. WFY?

-Ekr


At Fri, 1 Feb 2008 12:34:33 +0200,
<Pasi.Eronen@xxxxxxxxx> wrote:
> 
> Three nits from my personal review:
> 
> Section 4.7: the example at the end of section isn't any more 
> fully correct with the changed definition of digitally-signed 
> (since the "digitally-signed" construct now includes the hashing 
> step). Suggested rephrasing:

Well, you could double hash, but i take your point.


>    In the following example
> 
>       stream-ciphered struct {
>           uint8 field1;
>           uint8 field2;
>           digitally-signed struct { 
>              opaque field3<0..255>;
>              uint16 field4;
>           };
>       } UserType;
> 
>    the contents of the inner struct (field3 and field4) are used 
>    as input for the signature/hash algorithm, and then the entire
>    structure is encrypted with a stream cipher. [...]
> 
> 
> 7.4.3/A.4.2, ServerKeyExchange definition: the second "case dhe_dss"
> should be "case dh_dss".

Fixed.


> 7.4.3 and A.4.2, KeyExchangeAlgorithm lists dh_anon twice

Doh! I added those cause I thought I had missed them and
my eyes have gone numb.


> Also couple of typos (could be fixed later, too):
> 
> 7.4.3/A.4.2: extra blank lines in definition of ServerKeyExchange.

You mean:

    };

} ServerKeyExchange;

Fixed.


> A.4.2: should delete descriptions of dh_p/dh_g/dh_Ys, since
>   the appendix is supposed to contain only the struct definitions

Agreed. I'm finding it a real pain to keep these harmonized.
Next time I do one of these I'm going to have some auto-appendicizer :)

> 7.4.7/A.4.3, weird indentation (and extra blank lines) in definition
>   of ClientKeyExchange.
The extra blank line was intentional for readability, but now that
you seay it, sure.


> 4.6.1, the example struct has weird indentation around the 
>   orange/banana cases.
These are fixed.

> 4.7, "pplus" -> "plus"
> 7.4.7.1, "premaster_secert" -> "premaster_secret"
> References: [IDEA] is not cited anywhere, can be removed 

Fixed.
_______________________________________________
TLS mailing list
TLS@xxxxxxxx
http://www.ietf.org/mailman/listinfo/tls

References:
- [TLS] Last look at TLS 1.2
  - From: Pasi.Eronen
- Re: [TLS] Last look at TLS 1.2
  - From: Pasi.Eronen

Prev by Date: Re: [TLS] ECDHE_PSK as WG item?
Previous by thread: Re: [TLS] Last look at TLS 1.2
Next by thread: ietf.org mailing list memberships reminder
Index(es):
- Date
- Thread