Re: [TLS] Issue 49: Finished.verify length

[Eric Rescorla <ekr at networkresonance.com>]

At Fri, 14 Sep 2007 15:56:43 +0300,
<Pasi.Eronen at nokia.com> wrote:
> 
> Bodo Moeller wrote:
> 
> > > My suggestion was *not* to increase the current length, but rather 
> > > to add "agility" for this parameter as well (so that we don't
> > > need to revisit the TLS base spec if, e.g., some future cipher 
> > > suite wants to have all the pieces at 256-bit level).
> > 
> > OK, this makes perfect sense!  The question as cited here was,
> > should the verify_data length depend *on the PRF*.  It shouldn't;
> > but that doesn't mean we can't allow individual ciphersuites to
> > specify their preferred verify_data lengths.
> 
> The PRF depends on the ciphersuite, so having the verify_data length
> depend on the PRF (or in other words: specifying the verify_data
> length at the same place as the PRF) would be one relative simple
> approach. 
> 
> (But we could allow different ciphersuites using the same PRF
> to use different verify_data lengths as well)

I'm still trying to understand the rationale for why it makes sense
to have a verify_data != 12 bytes. Pasi, could you elaborate?

Thanks,

-Ekr

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls