On Fri, Jul 15, 2016 at 11:39 AM, David Benjamin <david...@chromium.org> wrote:
> Every time resumption_context is used, it's fed into the PRF hash.
> Handshake Context gets hashed since that actually expands to the full
> concatenation and we want to be able to maintain a rolling hash.
> But resumption_context is always a short value and is already the size of
> the PRF hash. (If not resuming, it is the zero key, which is sized
> appropriately. If resuming, it is the size of the PRF hash of the original
> connection. But we require that resumptions use the same PRF, so that too
> will be the right size.)
>
> Was there some other reason we needed to hash it, or is a guarantee of
> constant size sufficient to use it directly? If it still needs to be
> hashed, it seems we ought to redefine resumption_context to be
> Hash(HKDF-Expand-Label(...)) instead, mostly as a hint to implementors that
> one may as well store the final value in the ticket.
>

I didn't have a good reason. It was just giving me the heebie jeebies
(technical term) to append something that wasn't hashed to something that
was.

-Ekr

>
> David
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls