To confirm, TLSInnerPlaintext.type and TLSInnerPlaintext.zeros are not part of the handshake messages, and therefore are not included in the transcript hash?
Cheers,

Andrei

-----Original Message-----
From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Peter Wu
Sent: Tuesday, November 21, 2017 7:59 PM
To: Le Van Gong, Hubert <hub...@levangong.org>
Cc: tls@ietf.org
Subject: Re: [TLS] Transcript-Hash during Handshake

Hi Hubert,

On Tue, Nov 21, 2017 at 07:38:16PM -0800, Le Van Gong, Hubert wrote:
> Greetings,
>
> Probably a trivial question but is the transcript hash (during
> handshake) calculated over decrypted versions of messages like
> EncryptedExtensions or certificate or is it done over the raw/encrypted
> messages?
> I could not find an exact confirmation in the spec.

It covers the decrypted handshake messages, see
https://tools.ietf.org/html/draft-ietf-tls-tls13-21#section-4.4.1

    This value is computed by hashing the concatenation
    of each included handshake message, including the handshake message
    header carrying the handshake message type and length fields, but not
    including record layer headers

(The only way to know the message type is to have it in cleartext.)
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
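
The rule quoted above from section 4.4.1, as an added example that is not part of the original thread or of any TLS implementation: it takes already-decrypted TLSInnerPlaintext records, drops the record-layer framing (trailing zero padding and the inner content type byte), reassembles handshake messages that span records, and hashes only the messages with their 4-byte headers. The function names, the SHA-256 default and the sample records are assumptions made for illustration; the cleartext ClientHello and ServerHello that start a real transcript are left out of the sample.

```python
import hashlib

HANDSHAKE = 22  # ContentType.handshake

def strip_inner(inner):
    """Split a decrypted TLSInnerPlaintext into (content, type); drop zero padding."""
    end = len(inner)
    while end and inner[end - 1] == 0:
        end -= 1
    if end == 0:
        raise ValueError("no content type: record is all zeros")
    return inner[:end - 1], inner[end - 1]

def handshake_messages(inner_plaintexts):
    """Reassemble whole handshake messages (4-byte header + body) across records."""
    buf = b""
    for inner in inner_plaintexts:
        content, ctype = strip_inner(inner)
        if ctype != HANDSHAKE:
            if buf:
                raise ValueError("other record type inside a split handshake message")
            continue  # alerts and application data never enter the transcript
        buf += content
        while len(buf) >= 4 and len(buf) >= 4 + int.from_bytes(buf[1:4], "big"):
            n = 4 + int.from_bytes(buf[1:4], "big")
            yield buf[:n]
            buf = buf[n:]
    if buf:
        raise ValueError("truncated handshake message")

def transcript_hash(inner_plaintexts, hash_name="sha256"):
    """Hash the concatenated handshake messages, headers included."""
    h = hashlib.new(hash_name)
    for msg in handshake_messages(inner_plaintexts):
        h.update(msg)
    return h.digest()

def hs(msg_type, body):
    """Build a handshake message: 1-byte type, 3-byte length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

# Constructed sample data (not a real capture).
ee = hs(8, b"\x00\x00")                       # EncryptedExtensions, no extensions
cert = hs(11, b"constructed-certificate-body")
records = [
    ee + b"\x16" + b"\x00" * 5,               # whole message, padded
    cert[:10] + b"\x16",                      # first fragment
    cert[10:] + b"\x16\x00\x00",              # rest, padded
]
```

Two peers that pad or fragment the same messages differently still arrive at the same digest, because padding and fragmentation never reach the hash input.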