On Sep 2, 2020, at 3:30 AM, John Mattsson <john.matts...@ericsson.com> wrote: >> I can tell you what Windows is doing for TLS 1.2; and Windows interops with >> all the TEAP implementations that I know of, so others are likely doing the >> same. We're using the MAC function in the case of a CBC block cipher suite, >> or PRF hash function in the case of an AEAD cipher suite. Yes, it's >> unspecified, but I believe most TLS libraries abstracts the difference away, >> so it went unnoticed. I imagine it may have gone unnoticed by other >> implementations as well. > > Should we document this behavior for TLS 1.2 in the draft? I.e. the PRF hash > function in HMAC mode for AEAD cipher suites and the MAC function for > non-AEAD cipher suites.
Yes. Any suggested text? I'm not overly familiar with TLS 1.3, so I don't want to suggest the wrong thing. >> Rather than locking in another dependency such as SHA256, I wonder if this >> calculation should also use a hash function derived from the TLS handshake? > > That is a much better idea! It is not necessary to update any TEAP TLS 1.2 > code, but it definitely feels like a worthwhile thing to do when the > implementation is anyway updated for TLS 1.3. Can we use the same hash functions as above? If so, what would the text look like? Alan DeKok. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
