On Thu, Dec 31, 2015 at 9:43 AM, Adam Langley <a...@imperialviolet.org> wrote:
> On Wed, Dec 30, 2015 at 7:40 PM, Brian Smith <br...@briansmith.org> wrote: > > When you say "the plan," whose plan are you referring to? If you read > that > > whole thread, there was a lot of well-founded opposition to that plan. > And, > > that plan was never carried out. That is plain to see, as there was > never a > > draft submitted with such a change. > > I'm no expert on IETF processes but the draft was already in a late > stage at the time when that came up and I think it was last the point > for a -12? The revision that's currently in AUTH48 with the RFC Editor > contains the change from MUST to MAY. > > > Not if the implementation doesn't implement RSA or finite-field DH. > > I think ekr's post, just previous, reflects my understanding here. For > the vast majority of implementations, session-hash is needed because > non-contributory key-exchange mechanisms will be included. If you do > happen to have an implementation that only implements ECDHE with > cofactor 1 curves or X25519 or X448, then I guess you could get away > without implementing session hash, but I'd still implement session > hash anyway. > FWIW, I don't believe that it's significantly harder to implement TLS w/ session hash than TLS w/o session hash. You have to do the extension but since you can just fail any handshake in which it's not offered, this isn't that bad. What's expensive is supporting *both* session hash and non session hash (at least that's what we found in NSS). Having said that, I think I'd be fine with a TLS draft that said that > the zero check should (or must) be done because I think that it should > be done in general. > As would I. -Ekr > > Cheers > > AGL > > -- > Adam Langley a...@imperialviolet.org https://www.imperialviolet.org > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
