Landed. Also, see the follow up PR to make implementation easier: https://github.com/tlswg/tls13-spec/pull/904

On Thu, Mar 9, 2017 at 4:41 AM, Ilari Liusvaara <ilariliusva...@welho.com> wrote:

> On Thu, Mar 09, 2017 at 12:50:03PM +0100, Hubert Kario wrote:
> > On Thursday, 9 February 2017 22:17:33 CET Eric Rescorla wrote:
> > > Hi folks,
> > >
> > > We need to close on an issue about the size of the
> > > state in the HelloRetryRequest. Because we continue the transcript
> > > after HRR, if you want a stateless HRR the server needs to incorporate
> > > the hash state into the cookie. However, this has two issues:
> >
> > Isn't the whole CH2 supposed to be deterministically created from CH1 and HRR?
>
> No.
>
> Neither CH1 nor CH2 are deterministic w.r.t. one another.
>
> > So you should be able (as the server) to recreate the CH1 given the hash (or
> > better yet, keyed HMAC) of the CH1 fairly easily? Bonus point: you
> > automatically reject technically malformed CH2 messages (ones with more
> > changes than prescribed) as you won't be able to create a CH1 that creates the
> > matching HMAC.
>
> Actually, you can't create CH1 from just CH2. Back some versions it was
> merely very annoying to do so, now (as in -18), you can't do it at all.
>
>
> -Ilari
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
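Added example, not part of the thread or of the tls13-spec repository: a sketch of a stateless HelloRetryRequest cookie that carries only Hash(CH1) plus a MAC, with the transcript rebuilt through the synthetic `message_hash` message defined in the published RFC 8446 (Section 4.4.1). The function names, the cookie layout and the byte strings standing in for handshake messages are assumptions made for illustration.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256
MESSAGE_HASH = 254                 # HandshakeType message_hash in RFC 8446
COOKIE_KEY = os.urandom(32)        # assumed server-wide cookie secret


def synthetic_ch1(ch1: bytes) -> bytes:
    """Handshake message that replaces ClientHello1 in the transcript."""
    digest = HASH(ch1).digest()
    return bytes([MESSAGE_HASH, 0, 0, len(digest)]) + digest


def make_cookie(ch1: bytes, key: bytes = COOKIE_KEY) -> bytes:
    """Cookie = Hash(CH1) || HMAC(key, Hash(CH1)); size is independent of CH1."""
    digest = HASH(ch1).digest()
    return digest + hmac.new(key, digest, HASH).digest()


def resume_transcript(cookie: bytes, hrr: bytes, ch2: bytes,
                      key: bytes = COOKIE_KEY) -> bytes:
    """Verify the cookie, then rebuild Transcript-Hash(CH1, HRR, CH2)."""
    n = HASH().digest_size
    if len(cookie) != 2 * n:
        raise ValueError("malformed cookie")
    digest, tag = cookie[:n], cookie[n:]
    expected = hmac.new(key, digest, HASH).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("cookie MAC check failed")
    return HASH(bytes([MESSAGE_HASH, 0, 0, n]) + digest + hrr + ch2).digest()


def stateful_transcript(ch1: bytes, hrr: bytes, ch2: bytes) -> bytes:
    """What a server that kept CH1 in memory computes for the same flight."""
    return HASH(synthetic_ch1(ch1) + hrr + ch2).digest()


# Constructed placeholder bytes, not real TLS encodings.
CH1 = b"\x01" + b"constructed ClientHello1" * 20
HRR = b"\x02" + b"constructed HelloRetryRequest"
CH2 = b"\x01" + b"constructed ClientHello2"
```

The server never needs to recreate CH1 from CH2: the authenticated digest in the cookie is enough to continue the transcript, and a modified cookie is rejected before any hashing of CH2 takes place.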