Eric Rescorla <e...@rtfm.com> writes: > On Thu, Oct 8, 2015 at 11:29 AM, Simon Josefsson <si...@josefsson.org> > wrote: > >> The notes from the interim meeting mentions 'tls-unique' and points to >> issue #228 on github. I want to get your attention on the draft below. >> Doesn't it do what you are looking for? There is a little in the way of >> a problem statement in the TLS interim meeting notes, so it is hard to >> tell what the perceived problem with 'tls-unique' is in this context. >> Does my draft need to be updated for TLS 1.3 in any way? It might serve >> as a starting point for future work. >> >> https://tools.ietf.org/html/draft-josefsson-sasl-tls-cb-03 > > > Well, TLS 1.3 doesn't have a PRF, but instead explicitly uses HKDF. > > With that said, I don't really understand the structure of your draft: > Instead of referencing the PRF and session_hash directly, why not instead > use RFC 5705 exporters and require the use of the session_hash > extension?
The introduction says: There exists a TLS extension [I-D.ietf-tls-session-hash] that modify TLS so that the definition of 'tls-unique' [RFC5929] has the intended properties. If widely implemented and deployed, the channel binding type in this document would not offer any additional protection. The purpose of this document is to provide an alternative channel binding that offers the intended properties without requiring TLS protocol changes. However, keep in mind that TLS implementations needs to offer the appropriate APIs necessary to be able to implement the channel binding described in this document. I agree that one alternative is to require session_hash for all connections. But then what is the problem with use of 'tls-unique'? The github issue and the interim notes aren't clear on that. > Then TLS 1.3 can just define exporters for 1.3 and we'll be done. Right. My draft intends to use TLS exporters but I see that it isn't aligned with RFC 5705. /Simon
signature.asc
Description: PGP signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
