On Tue, Oct 13, 2020 at 06:50:52AM +0200, Achim Kraus wrote:
> Hi Ben,
> 
> > Sure, there's pretty standard common-knowledge guidance, though I'm not
> > sure it's documented anyplace particularly discoverable:
> >
> > - include in the MAC as much application/protocol context and protocol
> >    fields as you can without breaking operation of the protocol
> > - ensure that the mapping from (set of protocol fields and values derived
> >    from application context) to (bytes given as input to the MAC function)
> >    is an injective mapping
> >
> > In some (many?) cases, there is not any additional contextual information
> > available, and the protocol header itself has a deterministic/fixed-length
> > encoding, so both points can be achieved by just using the protocol
> > header/payload as it appears on the wire as MAC input.  For better or for
> > worse, the current construction in the -07 diverges significantly from the
> > actual protocol header, so we have to do a bit of thinking to ensure that
> > we are compliant to the guidelines (that I just described, so I assume you
> > did not previously think about them in that formulation).
> >
> 
> Hope I'm not again caught by my bad English :-):

Sorry, my writing became less clear when I attempted to edit it :(

> If the formulation refers to draft-ietf-tls-dtls-connection-id-07 (and
> not my e-mails), I can't say what was thought or not by the authors. My
> role in that discussion quite a year ago was just to ask which of the
> many variants should then be chosen in order not to change it every year.

I was just saying "I only told you the list of two things that are the
standard guidance just now; I don't expect that you used those two things
as part of your thought processes before I told them to you".

-Ben
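The two guidelines quoted above (bind the protocol context into the MAC, and make the fields-to-bytes mapping injective) are easy to get wrong when some inputs have variable length. The following is an added illustration, not code from the draft or from either correspondent: it assumes an HMAC-SHA256 MAC, an illustrative fixed-width header (content type, version, epoch, sequence number) and two variable-length fields (connection ID and payload), and a constructed demo key. It shows that plain concatenation lets two different (cid, payload) pairs produce the same MAC, while length-prefixing every variable-length field makes the encoding invertible and therefore injective.

```python
import hmac
import hashlib
import struct

# Constructed demo key for illustration only; a real MAC key comes from the handshake.
KEY = b"demo-key-for-illustration-only"

# Illustrative fixed-width header: type (1) + version (2) + epoch (2) + seq (6).
FIXED_HEADER_LEN = 1 + 2 + 2 + 6


def naive_mac_input(fields):
    """Plain concatenation: NOT injective once any field has variable length."""
    return b"".join(fields)


def injective_mac_input(fixed, variable):
    """Fixed-width fields are appended as-is; each variable-length field gets a
    2-byte big-endian length prefix, so the field list can be recovered exactly."""
    out = bytearray(b"".join(fixed))
    for f in variable:
        if len(f) > 0xFFFF:
            raise ValueError("field too long for 16-bit length prefix")
        out += struct.pack("!H", len(f)) + f
    return bytes(out)


def decode_variable_fields(data, offset):
    """Inverse of the variable-length part of injective_mac_input: parse the
    length-prefixed fields starting at `offset` and reject truncated input."""
    fields = []
    while offset < len(data):
        if offset + 2 > len(data):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from("!H", data, offset)
        offset += 2
        if offset + n > len(data):
            raise ValueError("truncated field")
        fields.append(data[offset:offset + n])
        offset += n
    return fields


def record_mac_input(content_type, version, epoch, seq, cid, payload):
    """Bind the (hypothetical) record header as context, then the variable fields."""
    fixed = [
        struct.pack("!B", content_type),
        struct.pack("!H", version),
        struct.pack("!H", epoch),
        seq.to_bytes(6, "big"),
    ]
    return injective_mac_input(fixed, [cid, payload])


def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def collision_demo():
    """Return (naive_mac_collides, injective_mac_collides) for two records that
    differ only in where the cid/payload boundary falls."""
    a = (b"\x01\x02", b"\x03payload")       # cid = 01 02,    payload = 03 'payload'
    b = (b"\x01\x02\x03", b"payload")       # cid = 01 02 03, payload = 'payload'
    naive_same = mac(KEY, naive_mac_input(a)) == mac(KEY, naive_mac_input(b))
    # Illustrative header values: application_data, DTLS 1.2 version bytes, epoch 1, seq 42.
    hdr = dict(content_type=23, version=0xFEFD, epoch=1, seq=42)
    inj_same = (mac(KEY, record_mac_input(cid=a[0], payload=a[1], **hdr))
                == mac(KEY, record_mac_input(cid=b[0], payload=b[1], **hdr)))
    return naive_same, inj_same


if __name__ == "__main__":
    print("naive collides: %s, injective collides: %s" % collision_demo())
```

The decode function is the real test of the second guideline: if every MAC input can be parsed back into exactly one list of fields, two distinct field sets cannot share an input, which is the injectivity the guidance asks for. A fixed-length on-the-wire header already has this property, which is why using the header as it appears on the wire is usually the simplest way to satisfy both points.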

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
