See full thread here https://mailarchive.ietf.org/arch/msg/tls/cS4vdMvENOGdpall7uos9iwZ5OA/
See also how this helped analysis here (search for reference [73]) https://inria.hal.science/hal-01528752v3/file/RR-9040.pdf

On Sat, Dec 16, 2023 at 1:16 PM Muhammad Usama Sardar <muhammad_usama.sar...@tu-dresden.de> wrote:

> Hi all,
>
> In the key schedule (section 7.1) of RFC8446(bis), what is the rationale
> for using *Derive-Secret(., "derived", "")* in the derivations of
> Handshake and Master Secrets? Since this change was made in draft 19, I
> expect there should be some reasoning of why this was added. Specifically,
> what are the security implications if this step is missed, i.e.,
>
> - if Early Secret is directly used as the Salt argument for
>   HKDF-Extract of Handshake Secret;
> - and similarly if Handshake Secret is directly used as the Salt
>   argument for HKDF-Extract of Master Secret.
>
> Regards,
>
> Usama
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
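
The two constructions the quoted question compares, computed side by side for the Handshake Secret (the same step repeats for the Master Secret). This is an added example, not code from the thread or from the RFC; it assumes SHA-256, no PSK, and a constructed (EC)DHE value, and the function names are the example's own.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size
ZEROS = bytes(HASH_LEN)  # the "0" salt and the absent-PSK input of RFC 8446


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label (RFC 8446, section 7.1) with the "tls13 " prefix."""
    full_label = b"tls13 " + label.encode()
    info = (length.to_bytes(2, "big")
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)


def derive_secret(secret: bytes, label: str, messages: bytes) -> bytes:
    """Derive-Secret (RFC 8446, section 7.1): context is Transcript-Hash(messages)."""
    return hkdf_expand_label(secret, label, HASH(messages).digest(), HASH_LEN)


def handshake_secret(ecdhe: bytes, psk: bytes = ZEROS, with_derived: bool = True):
    """Return (early_secret, salt, handshake_secret) for either variant."""
    early = hkdf_extract(ZEROS, psk)
    # RFC 8446 uses Derive-Secret(., "derived", "") as the salt; the variant
    # the question asks about passes the Early Secret in directly.
    salt = derive_secret(early, "derived", b"") if with_derived else early
    return early, salt, hkdf_extract(salt, ecdhe)


if __name__ == "__main__":
    ecdhe = bytes(range(32))  # constructed placeholder for the (EC)DHE shared secret
    for flag in (True, False):
        early, salt, hs = handshake_secret(ecdhe, with_derived=flag)
        print(f"with_derived={flag}: salt={salt.hex()} handshake_secret={hs.hex()}")
```

With `with_derived=True` the Early Secret is only ever used as an HKDF-Expand key; with `with_derived=False` the same value is used both as an Expand key (for the early traffic secrets) and as the Extract salt.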