RE: [TLS] Issue 49: Finished.verify length




Eric Rescorla wrote:

> I'm still trying to understand the rationale for why it makes sense
> to have a verify_data != 12 bytes. Pasi, could you elaborate?

Again, I'm not suggesting changing it from 12 bytes; just allowing
the agility to change it in the future without new TLS version.

One (somewhat hypothetical) use would be a cipher suite that tries 
to have _everything_ at 256-bit security level (maybe for some 
government approval reasons; not today, but maybe 5 years from now).

You might argue that this kind of security level isn't really
needed, but then again, some people seem to be willing to go
to great lengths to match these "security levels" (just think
of SHA-224.. :-)

Best regards,
Pasi
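As an added illustration (not part of the thread above) of what "agility" in the verify_data length would look like in code: the Finished value is the TLS PRF output truncated to verify_data_length, so a cipher suite can ask for 12 bytes or 32 bytes with the same construction. The PRF below is the P_SHA256-based PRF of TLS 1.2 (RFC 5246); the master secret and handshake transcript are constructed placeholder values, and the 256-bit suite shown is hypothetical.

```python
import hashlib
import hmac

# Constructed sample inputs (not real session data).
MASTER_SECRET = bytes(range(48))
HANDSHAKE_MESSAGES = b"ClientHello|ServerHello|Certificate|ServerHelloDone|ClientKeyExchange"


def p_hash(secret: bytes, seed: bytes, length: int, digest=hashlib.sha256) -> bytes:
    """TLS P_hash expansion: A(i) = HMAC(secret, A(i-1)), output HMAC(secret, A(i) + seed)."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_<hash>(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def finished_verify_data(master_secret: bytes, finished_label: bytes,
                         handshake_messages: bytes, verify_data_length: int = 12,
                         digest=hashlib.sha256) -> bytes:
    """verify_data = PRF(master_secret, label, Hash(handshake_messages))[0:verify_data_length].

    verify_data_length is the cipher-suite parameter under discussion; 12 is the default.
    """
    transcript_hash = digest(handshake_messages).digest()
    return prf(master_secret, finished_label, transcript_hash, verify_data_length)


def verify_finished(expected: bytes, received: bytes) -> bool:
    """Constant-time comparison; a length mismatch (peer used a different
    verify_data_length) simply fails the check rather than raising."""
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    default = finished_verify_data(MASTER_SECRET, b"client finished", HANDSHAKE_MESSAGES)
    # Hypothetical "everything at 256-bit" suite: same PRF, 32-byte verify_data.
    wide = finished_verify_data(MASTER_SECRET, b"client finished", HANDSHAKE_MESSAGES, 32)
    print(len(default), default.hex())
    print(len(wide), wide.hex())
    print("12-byte value is a prefix of the 32-byte value:", wide[:12] == default)
```

Because P_hash output is truncated rather than re-derived, the 12-byte value is a prefix of the 32-byte one, so length agility costs nothing in the PRF itself; what must change is that both peers agree on the length from the negotiated suite.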

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls



