I think it's a typo. My understanding is EndOfEarlyData was meant to be in the transcript.

David

On Fri, Mar 24, 2017 at 9:27 AM Matt Caswell <fr...@baggins.org> wrote:

> In draft-19 EndOfEarlyData was changed from an alert to a handshake
> message. Therefore I would have expected to see it included in the
> calculation of the ClientFinished (where early data is accepted).
> However section 4.4.4 defines the verify_data as follows:
>
>     verify_data =
>         HMAC(finished_key,
>              Transcript-Hash(Handshake Context,
>                              Certificate*, CertificateVerify*))
>
> The Handshake Context is given as ClientHello...ServerFinished.
>
> Was the EndOfEarlyData deliberately omitted from the ClientFinished
> calculation? Or is this just a typo in section 4.4.4, i.e. should it
> say:
>
>     verify_data =
>         HMAC(finished_key,
>              Transcript-Hash(Handshake Context,
>                              EndOfEarlyData*, Certificate*,
>                              CertificateVerify*))
>
> I am currently looking into an interop failure between the OpenSSL and
> Haskell draft-19 implementations due to this.
>
> Thanks
>
> Matt
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
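
Added example, not part of the original thread or of either implementation: a sketch of why the two readings of section 4.4.4 quoted above cannot interoperate once early data is accepted. The finished_key, the message bodies, the use of SHA-256 and all function names are constructed for illustration; the handshake type codes are those of RFC 8446 and are assumed to match draft-19.

```python
import hashlib
import hmac

# Handshake type codes from RFC 8446 (assumed unchanged from draft-19).
CLIENT_HELLO, SERVER_HELLO, END_OF_EARLY_DATA = 1, 2, 5
ENCRYPTED_EXTENSIONS, FINISHED = 8, 20


def hs_msg(msg_type: int, body: bytes = b"") -> bytes:
    """Frame a handshake message: 1-byte type, 3-byte length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def verify_data(finished_key: bytes, messages: list) -> bytes:
    """HMAC(finished_key, Transcript-Hash(messages)), with SHA-256 as the hash."""
    transcript_hash = hashlib.sha256(b"".join(messages)).digest()
    return hmac.new(finished_key, transcript_hash, hashlib.sha256).digest()


def client_finished(finished_key, context, early_data_accepted, include_eoed):
    """ClientFinished verify_data under one reading of section 4.4.4.

    Certificate*/CertificateVerify* are absent (no client auth in this sample).
    """
    messages = list(context)
    if early_data_accepted and include_eoed:
        messages.append(hs_msg(END_OF_EARLY_DATA))  # EndOfEarlyData has an empty body
    return verify_data(finished_key, messages)


# Constructed sample inputs: not a real key, not real handshake bodies.
FINISHED_KEY = bytes(range(32))
CONTEXT = [  # Handshake Context: ClientHello ... ServerFinished
    hs_msg(CLIENT_HELLO, b"constructed-client-hello"),
    hs_msg(SERVER_HELLO, b"constructed-server-hello"),
    hs_msg(ENCRYPTED_EXTENSIONS, b"\x00\x00"),
    hs_msg(FINISHED, b"\xaa" * 32),
]


def peers_agree(early_data_accepted, client_includes, server_includes):
    """True if the server's expected verify_data matches what the client sent."""
    sent = client_finished(FINISHED_KEY, CONTEXT, early_data_accepted, client_includes)
    expected = client_finished(FINISHED_KEY, CONTEXT, early_data_accepted, server_includes)
    return hmac.compare_digest(sent, expected)


if __name__ == "__main__":
    print("0-RTT accepted, readings differ:", peers_agree(True, True, False))
    print("0-RTT accepted, both include:   ", peers_agree(True, True, True))
    print("no early data, readings differ: ", peers_agree(False, True, False))
```

The mismatch only appears on handshakes where early data is accepted, so tests that never exercise 0-RTT would not catch it.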