On Mon, Apr 24, 2017 at 05:56:58AM -0700, Eric Rescorla wrote: > https://github.com/tlswg/tls13-spec/issues/964 > > Here is a proposed set of new labels, which, while slightly less clear, all > fit > into the 18 byte limit which Ilari (and I agree) says is what we have.
Doing a santiy check... > external binder # was external psk binder key > resumption binder # was resumption psk binder key > client e. traffic # was client early traffic Isn't the previous label "client early traffic secret"? > e. exporter master # was early exporter master secret > client hs traffic # was client handshake traffic secret > server hs traffic # was server handshake traffic secret > client app traffic # was client application traffic secret > server app traffic # was server application traffic secret > exporter master # was exporter master secret > resumption # was resumption master secret > key # was key > iv # was iv > finished # was finished > traffic key update # was application traffic secret > exporter # was exporter Seems to be missing: derived secret # was derived secret All look to fit into 18 bytes and none seem to be duplicated. -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
