Hi Ben,
Sure, there's pretty standard common-knowledge guidance, though I'm not
sure it's documented anyplace particularly discoverable:
- include in the MAC as much application/protocol context and protocol
fields as you can without breaking operation of the procotol
- ensure that the mapping from (set of protocol fields and values derived
from application context) to (bytes given as input to the MAC function) is
an injective mapping
In some (many?) cases, there is not any additional contextual information
available, and the protocol header itself has a deterministic/fixed-length
encoding, so both points can be achieved by just using the protocol
header/payload as it appears on the wire as MAC input. For better or for
worse, the current construction in the -07 diverges significantly from the
actual protocol header, so we have to do a bit of thinking to ensure that
we are compliant to the guidelines (that I just described, so I assume you
did not previously think about them in that formulation).
Hope, I'm not again catched by my bad english :-):
If the forumlation refers to draft-ietf-tls-dtls-connection-id-07 (and
not my e-mails), I can't say, what was thought or not by the authors. My
role in that discussion quite a year ago, was just to ask, which of the
many variants should then be chosen in order not to change it every year.
That's also the main thing, which drives me to this endless discussion.
If it changes again, try to change it that last time.
best regards
Achim Kraus
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
