RE: [TLS] Issue 49: Finished.verify length

To: <bmoeller at acm.org>, <ekr at networkresonance.com>
Subject: RE: [TLS] Issue 49: Finished.verify length
From: <Pasi.Eronen at nokia.com>
Date: Fri, 14 Sep 2007 14:40:11 +0300
Cc: tls at ietf.org
In-reply-to: <20070914090853.GA20702@tau.invalid>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <20070913183453.D32DD33C21@delta.rtfm.com><46E9D35F.60904@pobox.com><20070914040741.3473733C3A@delta.rtfm.com> <20070914090853.GA20702@tau.invalid>
Thread-index: Acf2rvJYY0q1z1kYSP6JGLCGhoYdvAAFC7DQ
Thread-topic: [TLS] Issue 49: Finished.verify length

Bodo Moeller wrote:
> But you don't need a very long verify_data.  We also don't need 
> very long record-layer MACs.  Both are needed only for real-time
> authentication, which cannot be attacked after the fact. 

This is true; but reasonable people seem to have different opinions 
on what exactly is "sufficiently long". For example, RFC 4106 specifies
three different choices for ICV (MAC) length (128/192/256 bits).

My suggestion was *not* to increase the current length, but rather 
to add "agility" for this parameter as well (so that we don't
need to revisit the TLS base spec if, e.g., some future cipher 
suite wants to have all the pieces at 256-bit level).

Best regards,
Pasi

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Issue 49: Finished.verify length
  - From: Bodo Moeller

References:
- [TLS] Issue 49: Finished.verify length
  - From: Eric Rescorla
- Re: [TLS] Issue 49: Finished.verify length
  - From: Mike
- Re: [TLS] Issue 49: Finished.verify length
  - From: Eric Rescorla
- Re: [TLS] Issue 49: Finished.verify length
  - From: Bodo Moeller

Prev by Date: Re: [TLS] Issue 49: Finished.verify length
Next by Date: Re: [TLS] Issue 49: Finished.verify length
Previous by thread: Re: [TLS] Issue 49: Finished.verify length
Next by thread: Re: [TLS] Issue 49: Finished.verify length
Index(es):
- Date
- Thread

RE: [TLS] Issue 49: Finished.verify length

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.