Hi, While trying to implement NewSessionTicket, I have noticed that resumption_psk is derived from resumption_secret.
Is there any need to expand resumption_psk from resumption_secret? To me, it is unclear why resumption_secret cannot be used directly as a psk, since the two values have the same lengths and since the secret is only used for deriving the psk. Maybe is this something we could also simplify? 2016-10-18 5:08 GMT+09:00 Eric Rescorla <e...@rtfm.com>: > Hi folks, > > https://github.com/tlswg/tls13-spec/pull/699/files > > A while back Steven Valdez pointed out that now that we have the PSK binder > change and dual key ladders, each set of traffic keys is generated from a > different > base secret which has a label folded in [0], so we don't need to have the > "phase" parameter in the traffic key calculation in Section 7.3, which > simplifies things > a bit. Due to an oversight, this didn't make it into the PR, but it seems > straightforward. > > Please let me know ASAP if I have missed something here or you otherwise > object. > > -Ekr > > > [0] client_early_traffic_secret, [sender]_handshake_traffic_secret, > [sender]_traffic_secret_N respectively > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > -- Kazuho Oku _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
