Re: [TLS] Last Call: draft-ietf-tls-extractor (Keying Material Exporters for Transport Layer Security (TLS)) to Proposed Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] Last Call: draft-ietf-tls-extractor (Keying Material Exporters for Transport Layer Security (TLS)) to Proposed Standard

From: Douglas Stebila <douglas at stebila.ca>
To: IETF Discussion <ietf at ietf.org>
Cc: tls at ietf.org
Date: Tue, 21 Jul 2009 18:32:21 +1000
In-reply-to: <20090720164816.328D928C1C8 at core3.amsl.com>
References: <20090720164816.328D928C1C8 at core3.amsl.com>

I have implemented draft-ietf-tls-extractor-06 in the TLS v1.0implementation in OpenSSL. I found the draft easy to implement withno ambiguities or concerns. I believe that the functionality providedby the draft will be extremely valuable for building application-levelsecurity protocols and encourage its standardization.

It is my interpretation of the draft that it can be implemented in anyversion of TLS, not just TLS v1.2. Obviously the derived key may bedifferent if the underlying TLS PRF is defined differently (as it isfor TLS v1.2), but the draft is still well-defined for previousversions of TLS.

For those interested in the OpenSSL implementation, I have posted apage on my website with the patch.

	http://www.douglas.stebila.ca/code/keying-material-exporters/

In addition to a patch for OpenSSL, I have also done patches to Apacheand PHP to expose a PHP function that allows a PHP application toderive keying material from the underlying TLS connection according tothe draft specification.


Douglas

On 2009-Jul-21, at 2:48 AM, The IESG wrote:

The IESG has received a request from the Transport Layer Security WG
(tls) to consider the following document:

- 'Keying Material Exporters for Transport Layer Security (TLS) '
  <draft-ietf-tls-extractor-06.txt> as a Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits

final comments on this action. Please send substantive comments tothe

ietf at ietf.org mailing lists by 2009-08-10. Exceptionally,
comments may be sent to iesg at ietf.org instead. In either case, please
retain the beginning of the Subject line to allow automated sorting.

The file can be obtained via
http://www.ietf.org/internet-drafts/draft-ietf-tls-extractor-06.txt


IESG discussion can be tracked via
https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=16821&rfc_flag=0

_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

Prev by Date: SV: Stockholm airport
Next by Date: Re: [Trustees] Objection to reworked para 6.d (Re: Rationale for Proposed TLP Revisions)
Previous by thread: Re: [TLS] Last Call: draft-ietf-tls-extractor (Keying Material Exporters for Transport Layer Security (TLS)) to Proposed Standard
Next by thread: Re: [TLS] Last Call: draft-ietf-tls-extractor (Keying Material Exporters for Transport Layer Security (TLS)) to Proposed Standard
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: [TLS] Last Call: draft-ietf-tls-extractor (Keying Material Exporters for Transport Layer Security (TLS)) to Proposed Standard

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.