Hi Peter,

Yes, that sentence is what made me think it must be over decrypted messages but 
I wanted to double check as it's not clearly stated.
Thanks for confirming!

Hubert

On 11/21/17 19:59, Peter Wu wrote:

> Hi Hubert,
>
> On Tue, Nov 21, 2017 at 07:38:16PM -0800, Le Van Gong, Hubert wrote:
> > Greetings,
> >
> > Probably a trivial question but is the transcript hash (during handshake)
> > calculated over decrypted versions of messages like EncryptedExtensions or
> > certificate or is it done over the raw/encrypted messages?
> > I could not find an exact confirmation in the spec.
>
> It covers the decrypted handshake messages, see
> https://tools.ietf.org/html/draft-ietf-tls-tls13-21#section-4.4.1
>
>      This value is computed by hashing the concatenation
>      of each included handshake message, including the handshake message
>      header carrying the handshake message type and length fields, but not
>      including record layer headers
>
> (The only way to know the message type is to have it in cleartext.)


_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
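
An added example, not part of the original thread: a Python sketch of the rule quoted from section 4.4.1, hashing each handshake message with its 4-byte handshake header while dropping the 5-byte record layer headers. The helper names, the SHA-256 choice and the sample messages are assumptions constructed for illustration; the input stands for record plaintext after record protection has been removed.

```python
import hashlib
import struct

HANDSHAKE = 22  # record-layer ContentType for handshake data

def handshake_msg(msg_type, body):
    """Handshake header (1-byte type, 3-byte length) followed by the body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def to_records(stream, chunk):
    """Frame a handshake byte stream as records of at most `chunk` bytes."""
    out = b""
    for i in range(0, len(stream), chunk):
        frag = stream[i:i + chunk]
        out += struct.pack("!BHH", HANDSHAKE, 0x0303, len(frag)) + frag
    return out

def split_handshake(records):
    """Strip record headers, then return each handshake message, header included."""
    stream, pos = b"", 0
    while pos < len(records):
        if len(records) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", records, pos)
        frag = records[pos + 5:pos + 5 + length]
        if len(frag) != length:
            raise ValueError("truncated record")
        if ctype == HANDSHAKE:          # other content types are not hashed
            stream += frag
        pos += 5 + length
    msgs, pos = [], 0
    while pos < len(stream):            # messages may span or share records
        if len(stream) - pos < 4:
            raise ValueError("truncated handshake header")
        end = pos + 4 + int.from_bytes(stream[pos + 1:pos + 4], "big")
        if end > len(stream):
            raise ValueError("truncated handshake message")
        msgs.append(stream[pos:end])
        pos = end
    return msgs

def transcript_hash(records, hash_name="sha256"):
    h = hashlib.new(hash_name)
    for msg in split_handshake(records):
        h.update(msg)                   # type + length + body, no record header
    return h.digest()

# Constructed sample messages (placeholder bodies, not a real handshake).
EE = handshake_msg(8, b"\x00\x00")      # EncryptedExtensions, empty extension list
CERT = handshake_msg(11, bytes(40))     # Certificate, dummy 40-byte body
STREAM = EE + CERT
```

Because record headers are excluded, the digest is the same however the messages are fragmented across records.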
