https://github.com/tlswg/tls13-spec/issues/964
Hi folks, It was raised during the WG meeting in Chicago that some of the labels have gotten a bit long and after checking it seems like many of them push us into two hash blocks, which seems silly. Here is a proposed set of new labels, which, while slightly less clear, all fit into the 18 byte limit which Ilari (and I agree) says is what we have. external binder # was external psk binder key resumption binder # was resumption psk binder key client e. traffic # was client early traffic e. exporter master # was early exporter master secret client hs traffic # was client handshake traffic secret server hs traffic # was server handshake traffic secret client app traffic # was client application traffic secret server app traffic # was server application traffic secret exporter master # was exporter master secret resumption # was resumption master secret key # was key iv # was iv finished # was finished traffic key update # was application traffic secret exporter # was exporter Note that this actually pushes us into multiple hash blocks anyway if we compute > 1 output block, but I don't believe that ever happens except for very silly uses of exporters. I would appreciate a double check that haven't accidentally made one >18 or duplicated or something. If anyone has strong opinions about these, please let me know by Wednesday. Otherwise, I'll merge them into the draft. -Ekr
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
