Question on Post-Handshake Authentication (PHA): PHA can occur multiple times over a connection. The description for the "Handshake Context" is as follows (4.4):

   | Post-     | ClientHello ... client     | client_application_traff |
   | Handshake | Finished +                 | ic_secret_N              |
   |           | CertificateRequest         |                          |
   +-----------+----------------------------+--------------------------+

Now, PHA consists of:

S>C: CertificateRequest

followed by:

C>S: Certificate+CertificateVerify+client Finished

This could be interpreted to mean that these PHA messages are included in the Handshake Context. However, Section 4.4.1 states:

   For concreteness, the transcript hash is always taken from the following sequence of handshake messages, starting at the first ClientHello and including only those messages that were sent: ClientHello, HelloRetryRequest, ClientHello, ServerHello, EncryptedExtensions, server CertificateRequest, server Certificate, server CertificateVerify, server Finished, EndOfEarlyData, client Certificate, client CertificateVerify, client Finished.

I want to confirm that the PHA handshake context consists only of the messages listed in section 4.4.1 from the initial handshake, and does not include any of the messages from intermediate PHA exchanges.

Thank you,
--
-Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet."
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
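The Handshake Context construction the question is about, as an added example that is not part of the original post and not code from any TLS implementation. RFC 8446 Section 4.4.1 settles the point in the sentence right after the message list Todd quotes: subsequent post-handshake authentications do not include each other, just the messages through the end of the main handshake. So the context for the N-th PHA is the main handshake through the client Finished plus only that PHA's own CertificateRequest; for the PHA Finished, that PHA's Certificate and CertificateVerify are appended (Section 4.4.4), with client_application_traffic_secret_N as the base key. The message bodies below are constructed placeholders (not real TLS encodings), the traffic secret is a constructed constant, and SHA-256 is assumed as the negotiated hash; only the Python standard library is used.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256   # assumed negotiated hash (e.g. TLS_AES_128_GCM_SHA256)
HASH_LEN = 32

# HandshakeType values (RFC 8446, Section 4).
CLIENT_HELLO, SERVER_HELLO, ENCRYPTED_EXTENSIONS = 1, 2, 8
CERTIFICATE, CERTIFICATE_REQUEST, CERTIFICATE_VERIFY, FINISHED = 11, 13, 15, 20


def hs_msg(msg_type, body):
    """Serialise a Handshake message: msg_type(1) || length(3) || body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label (RFC 8446, Section 7.1) over HMAC with the negotiated hash."""
    hkdf_label = (struct.pack(">H", length)
                  + bytes([6 + len(label)]) + b"tls13 " + label
                  + bytes([len(context)]) + context)
    out, block, counter = b"", b"", 1
    while len(out) < length:                      # HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i)
        block = hmac.new(secret, block + hkdf_label + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def pha_transcript_hash(main_handshake, pha_requests, n, this_pha_msgs=()):
    """Transcript hash for the n-th (1-based) post-handshake authentication.

    Handshake Context = main handshake through client Finished
                        + this PHA's CertificateRequest          (Section 4.4 table)
    For the PHA Finished, this PHA's Certificate and CertificateVerify follow
    (Section 4.4.4). Earlier PHA exchanges are deliberately NOT hashed (Section 4.4.1).
    """
    h = HASH()
    for m in main_handshake:
        h.update(m)
    h.update(pha_requests[n - 1])
    for m in this_pha_msgs:
        h.update(m)
    return h.digest()


def certificate_verify_content(transcript_hash):
    """Bytes covered by the client's CertificateVerify signature (Section 4.4.3)."""
    return b" " * 64 + b"TLS 1.3, client CertificateVerify" + b"\x00" + transcript_hash


def finished_verify_data(base_key, transcript_hash):
    """verify_data for Finished (Section 4.4.4); for PHA the base key is
    client_application_traffic_secret_N."""
    finished_key = hkdf_expand_label(base_key, b"finished", b"", HASH_LEN)
    return hmac.new(finished_key, transcript_hash, HASH).digest()


# Constructed placeholder messages; bodies are not real TLS encodings.
MAIN_HANDSHAKE = [
    hs_msg(CLIENT_HELLO, b"client-hello-with-post_handshake_auth-ext"),
    hs_msg(SERVER_HELLO, b"server-hello"),
    hs_msg(ENCRYPTED_EXTENSIONS, b"encrypted-extensions"),
    hs_msg(CERTIFICATE, b"server-certificate"),
    hs_msg(CERTIFICATE_VERIFY, b"server-certificate-verify"),
    hs_msg(FINISHED, b"server-finished"),
    hs_msg(FINISHED, b"client-finished"),
]
PHA_CERT_REQUESTS = [
    hs_msg(CERTIFICATE_REQUEST, b"pha-1-certificate-request-ctx-A"),
    hs_msg(CERTIFICATE_REQUEST, b"pha-2-certificate-request-ctx-B"),
]
PHA1_CLIENT_MSGS = [
    hs_msg(CERTIFICATE, b"pha-1-client-certificate"),
    hs_msg(CERTIFICATE_VERIFY, b"pha-1-client-certificate-verify"),
]
# Constructed stand-in for client_application_traffic_secret_N (not a derived key).
CLIENT_APP_TRAFFIC_SECRET = bytes(range(32))


def second_pha_context_is_independent_of_first():
    """True if PHA #2's context equals Hash(main handshake || CertificateRequest #2)
    and differs from a naive running hash that also swallowed PHA #1's messages."""
    th_pha2 = pha_transcript_hash(MAIN_HANDSHAKE, PHA_CERT_REQUESTS, 2)
    correct = HASH(b"".join(MAIN_HANDSHAKE) + PHA_CERT_REQUESTS[1]).digest()
    naive = HASH(b"".join(MAIN_HANDSHAKE) + PHA_CERT_REQUESTS[0]
                 + b"".join(PHA1_CLIENT_MSGS) + PHA_CERT_REQUESTS[1]).digest()
    return th_pha2 == correct and th_pha2 != naive


if __name__ == "__main__":
    th = pha_transcript_hash(MAIN_HANDSHAKE, PHA_CERT_REQUESTS, 1)
    print("PHA#1 CertificateVerify signed content:", certificate_verify_content(th).hex())
    th_fin = pha_transcript_hash(MAIN_HANDSHAKE, PHA_CERT_REQUESTS, 1, PHA1_CLIENT_MSGS)
    print("PHA#1 Finished verify_data:", finished_verify_data(CLIENT_APP_TRAFFIC_SECRET, th_fin).hex())
    print("PHA#2 context independent of PHA#1:", second_pha_context_is_independent_of_first())
```

The practical consequence for an implementation is that a single running transcript hash cannot simply be continued across PHA exchanges: the state at the end of the main handshake (through the client Finished) has to be snapshotted and each PHA hashed from that snapshot plus its own CertificateRequest, otherwise the second PHA's CertificateVerify and Finished will not verify against a conforming peer.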