> You're referring the editor's copy (WIP-11), right? Yes. ... > I was just going over this text today and realized it's kind of confusing > (and the whole "handshake_hash" abstraction is starting to be less useful > in light of the PR#316 reframing of the authentication block).
Yes, the "handshake hash" is indeed confusing. Specifying something like "all messages up to <some point>" is simple enough. But there are several such points, used at different stages. Server Hello, Server certificate verify, Server Finished, Client certificate verify, Client finished.. It would be a bit more clear to give each of them its own name. > Unless I'm confused (which is possible given the time of night), > the intention, as you say, is to separate out the 0-RTT handshake > messages i.e., (cert, cert verify, finished) from the 1-RTT computations. OK. That does not simplify implementations using running hashes... > Trying to figure out the best way to clarify this text. PRs welcome :) Yes of course... -- Christian Huitema _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
